Vulnerabilities > IBM > API Connect
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-29 | CVE-2020-4452 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM API Connect IBM API Connect V2018.4.1.0 through 2018.4.1.11 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2020-06-12 | CVE-2020-4251 | Cross-site Scripting vulnerability in IBM API Connect IBM API Connect 5.0.0.0 through 5.0.8.8 is vulnerable to cross-site scripting. | 5.4 |
| 2020-05-12 | CVE-2020-4346 | Unspecified vulnerability in IBM API Connect IBM API Connect's V2018.4.1.0 through 2018.4.1.10 management server has an unsecured api which can be exploited by an unauthenticated attacker to obtain sensitive information. | 5.3 |
| 2020-05-12 | CVE-2020-4195 | Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM API Connect IBM API Connect V2018.4.1.0 through 2018.4.1.10 could allow a remote attacker to hijack the clicking action of the victim. | 5.4 |
| 2020-03-24 | CVE-2019-4553 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM API Connect IBM API Connect V5.0.0.0 through 5.0.8.7iFix3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2019-12-18 | CVE-2019-4609 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM API Connect 2018.4.1.7 IBM API Connect 2018.4.1.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2019-12-16 | CVE-2019-4444 | Information Exposure vulnerability in IBM API Connect IBM API Connect 2018.1 through 2018.4.1.7 Developer Portal's user registration page does not disable password autocomplete. | 5.5 |
| 2019-10-29 | CVE-2019-4600 | Unspecified vulnerability in IBM API Connect IBM API Connect version V5.0.0.0 through 5.0.8.7 could reveal sensitive information to an attacker using a specially crafted HTTP request. | 5.3 |
| 2019-08-20 | CVE-2019-4437 | Information Exposure vulnerability in IBM API Connect IBM API Connect 2018.1 through 2018.4.1.6 may inadvertently leak sensitive details about internal servers and network via API swagger. | 5.3 |
| 2019-08-20 | CVE-2019-4460 | Path Traversal vulnerability in IBM API Connect IBM API Connect 5.0.0.0 through 5.0.8.6 developer portal could allow a remote attacker to traverse directories on the system. | 7.5 |