Vulnerabilities > IBM > API Connect
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-08 | CVE-2020-4695 | Cleartext Transmission of Sensitive Information vulnerability in IBM API Connect 10.0.0.0/10.0.1.0 IBM API Connect V10 is impacted by insecure communications during database replication. | 7.5 |
| 2021-02-04 | CVE-2020-4828 | Improper Input Validation vulnerability in IBM API Connect IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. | 6.5 |
| 2021-02-04 | CVE-2020-4827 | Cross-Site Request Forgery (CSRF) vulnerability in IBM API Connect IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 4.3 |
| 2021-02-04 | CVE-2020-4826 | Cross-Site Request Forgery (CSRF) vulnerability in IBM API Connect IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 4.3 |
| 2021-02-04 | CVE-2020-4825 | Cross-site Scripting vulnerability in IBM API Connect IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site scripting. | 5.4 |
| 2021-02-04 | CVE-2020-4640 | Information Exposure vulnerability in IBM API Connect Certain IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 configurations can result in sensitive information in the URL fragment identifiers. | 4.1 |
| 2021-01-12 | CVE-2020-4838 | Cross-site Scripting vulnerability in IBM API Connect IBM API Connect 5.0.0.0 through 5.0.8.10 is vulnerable to stored cross-site scripting. | 5.4 |
| 2021-01-05 | CVE-2020-4899 | Cleartext Transmission of Sensitive Information vulnerability in IBM API Connect IBM API Connect 5.0.0.0 through 5.0.8.10 could potentially leak sensitive information or allow for data corruption due to plain text transmission of sensitive information across the network. | 9.1 |
| 2020-09-03 | CVE-2020-4638 | Unspecified vulnerability in IBM API Connect IBM API Connect's API Manager 2018.4.1.0 through 2018.4.1.12 is vulnerable to privilege escalation. | 7.2 |
| 2020-09-03 | CVE-2020-4337 | Unspecified vulnerability in IBM API Connect IBM API Connect 2018.4.1.0 through 2018.4.1.12 could allow an attacker to launch phishing attacks by tricking the server to generate user registration emails that contain malicious URLs. | 6.5 |