Vulnerabilities > IBM > API Connect > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-08-26 CVE-2021-29772 Code Injection vulnerability in IBM API Connect
IBM API Connect 5.0.0.0 through 5.0.8.11 could allow a user to potentially inject code due to unsanitized user input.
network
low complexity
ibm CWE-94
critical
9.8
2021-08-26 CVE-2021-29715 Unspecified vulnerability in IBM API Connect
IBM API Connect 5.0.0.0 through 5.0.8.11 could allow a remote user to obtain sensitive information or conduct denial of service attacks due to open ports.
network
low complexity
ibm
critical
9.1
2021-01-05 CVE-2020-4899 Cleartext Transmission of Sensitive Information vulnerability in IBM API Connect
IBM API Connect 5.0.0.0 through 5.0.8.10 could potentially leak sensitive information or allow for data corruption due to plain text transmission of sensitive information across the network.
network
low complexity
ibm CWE-319
critical
9.1
2019-04-15 CVE-2019-4202 OS Command Injection vulnerability in IBM API Connect
IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal is vulnerable to command injection.
network
low complexity
ibm CWE-78
critical
10.0
2019-04-15 CVE-2019-4203 Server-Side Request Forgery (SSRF) vulnerability in IBM API Connect
IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal can be exploited by app developers to download arbitrary files from the host OS and potentially carry out SSRF attacks.
network
low complexity
ibm CWE-918
critical
9.8
2019-04-08 CVE-2019-4155 Unspecified vulnerability in IBM API Connect
IBM API Connect's Developer Portal 2018.1 and 2018.4.1.3 is impacted by a privilege escalation vulnerability when integrated with an OpenID Connect (OIDC) user registry.
network
low complexity
ibm
critical
9.8
2019-02-07 CVE-2019-4008 Information Exposure Through Log Files vulnerability in IBM API Connect
API Connect V2018.1 through 2018.4.1.1 is impacted by access token leak.
network
low complexity
ibm CWE-532
critical
9.8
2018-12-20 CVE-2018-1784 Unspecified vulnerability in IBM API Connect
IBM API Connect 5.0.0.0 and 5.0.8.4 is affected by a NoSQL Injection in MongoDB connector for the LoopBack framework.
network
low complexity
ibm
critical
9.8
2018-09-07 CVE-2018-1789 Server-Side Request Forgery (SSRF) vulnerability in IBM API Connect
IBM API Connect v2018.1.0 through v2018.3.4 could allow an attacker to send a specially crafted request to conduct a server side request forgery attack.
network
low complexity
ibm CWE-918
critical
9.9
2018-08-16 CVE-2018-1712 Cross-Site Request Forgery (CSRF) vulnerability in IBM API Connect
IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery.
network
low complexity
ibm CWE-352
critical
9.9