Vulnerabilities > IBM > API Connect > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-05-12 | CVE-2023-28522 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM API Connect 10.0.0.0/10.0.1.0/10.0.1.1 IBM API Connect V10 could allow an authenticated user to perform actions that they should not have access to. | 8.8 |
2023-02-08 | CVE-2022-34350 | Improper Input Validation vulnerability in IBM API Connect IBM API Connect 10.0.0.0 through 10.0.5.0, 10.0.1.0 through 10.0.1.7, and 2018.4.1.0 through 2018.4.1.20 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. | 7.5 |
2021-03-08 | CVE-2020-4695 | Cleartext Transmission of Sensitive Information vulnerability in IBM API Connect 10.0.0.0/10.0.1.0 IBM API Connect V10 is impacted by insecure communications during database replication. | 7.5 |
2020-09-03 | CVE-2020-4638 | Unspecified vulnerability in IBM API Connect IBM API Connect's API Manager 2018.4.1.0 through 2018.4.1.12 is vulnerable to privilege escalation. | 7.2 |
2020-06-29 | CVE-2020-4452 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM API Connect IBM API Connect V2018.4.1.0 through 2018.4.1.11 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
2020-03-24 | CVE-2019-4553 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM API Connect IBM API Connect V5.0.0.0 through 5.0.8.7iFix3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
2019-12-18 | CVE-2019-4609 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM API Connect 2018.4.1.7 IBM API Connect 2018.4.1.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
2019-08-20 | CVE-2019-4460 | Path Traversal vulnerability in IBM API Connect IBM API Connect 5.0.0.0 through 5.0.8.6 developer portal could allow a remote attacker to traverse directories on the system. | 7.5 |
2019-08-20 | CVE-2019-4402 | Unspecified vulnerability in IBM API Connect IBM API Connect 2018.1 through 2018.4.1.6 developer portal could allow an unauthorized user to cause a denial of service via an unprotected API. | 7.5 |
2019-06-25 | CVE-2018-1858 | Cross-Site Request Forgery (CSRF) vulnerability in IBM API Connect IBM API Connect 5.0.0.0 through 5.0.8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |