Vulnerabilities > IBM > API Connect > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-04-15 | CVE-2019-4202 | OS Command Injection vulnerability in IBM API Connect. IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal is vulnerable to command injection. | 10.0 |
2019-04-15 | CVE-2019-4203 | Server-Side Request Forgery (SSRF) vulnerability in IBM API Connect. IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal can be exploited by app developers to download arbitrary files from the host OS and potentially carry out SSRF attacks. | 9.8 |
2019-02-07 | CVE-2019-4008 | Information Exposure Through Log Files vulnerability in IBM API Connect. API Connect V2018.1 through 2018.4.1.1 is impacted by an access token leak. | 9.8 |
2018-12-20 | CVE-2018-1778 | Improper Authentication vulnerability in IBM API Connect. IBM LoopBack (IBM API Connect 2018.1, 2018.4.1, 5.0.8.0, and 5.0.8.4) could allow an attacker to bypass authentication if the AccessToken Model is exposed over a REST API; it is then possible for anyone to create an AccessToken for any User, provided they know the userId, and hence gain access to the other user’s data or privileges (for example, if the user happens to be an Admin). | 9.3 |
2018-12-20 | CVE-2018-1973 | Improper Privilege Management vulnerability in IBM API Connect. IBM API Connect 5.0.0.0 through 5.0.8.4 allows a user with limited 'API Administrator' level access to give themselves full 'Administrator' level access through the members functionality. | 9.0 |
2018-04-04 | CVE-2018-1469 | Unspecified vulnerability in IBM API Connect. IBM API Connect Developer Portal 5.0.0.0 through 5.0.8.2 could allow an unauthenticated attacker to execute system commands using specially crafted HTTP requests. | 10.0 |