Vulnerabilities > IBM > API Connect > 5.0.7.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-04-04 | CVE-2018-1469 | Unspecified vulnerability in IBM API Connect IBM API Connect Developer Portal 5.0.0.0 through 5.0.8.2 could allow an unauthenticated attacker to execute system commands using specially crafted HTTP requests. | 9.8 |
2018-02-07 | CVE-2018-1382 | Cross-site Scripting vulnerability in IBM API Connect IBM API Connect 5.0.0.0 is vulnerable to cross-site scripting. | 5.4 |
2018-02-07 | CVE-2017-1785 | Information Exposure vulnerability in IBM API Connect IBM API Connect 5.0.7 and 5.0.8 could allow an authenticated remote user to modify query parameters to obtain sensitive information. | 4.3 |
2017-09-25 | CVE-2017-1555 | Improper Input Validation vulnerability in IBM API Connect IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated user to generate an API token when not subscribed to the application plan. | 4.3 |
2017-09-25 | CVE-2017-1551 | Improper Input Validation vulnerability in IBM API Connect IBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote attacker to hijack the clicking action of the victim. | 6.1 |
2017-09-13 | CVE-2017-1556 | Improper Input Validation vulnerability in IBM API Connect 5.0.7.0/5.0.7.1/5.0.7.2 IBM API Connect 5.0.7.0 through 5.0.7.2 is vulnerable to a regular expression attack that could allow an authenticated attacker to use a regex and cause the system to slow or hang. | 6.5 |
2017-06-15 | CVE-2017-1379 | Information Exposure vulnerability in IBM API Connect IBM API Connect 5.0.0.0 could allow a remote attacker to obtain sensitive information, caused by improper handling of requests to the Developer Portal. | 7.5 |