Vulnerabilities > IBM > API Connect > High

DATE CVE VULNERABILITY TITLE RISK
2023-05-12 CVE-2023-28522 Incorrect Permission Assignment for Critical Resource vulnerability in IBM API Connect 10.0.0.0/10.0.1.0/10.0.1.1
IBM API Connect V10 could allow an authenticated user to perform actions that they should not have access to.
network
low complexity
ibm CWE-732
8.8
2023-02-08 CVE-2022-34350 Improper Input Validation vulnerability in IBM API Connect
IBM API Connect 10.0.0.0 through 10.0.5.0, 10.0.1.0 through 10.0.1.7, and 2018.4.1.0 through 2018.4.1.20 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input.
network
low complexity
ibm CWE-20
7.5
2021-03-08 CVE-2020-4695 Cleartext Transmission of Sensitive Information vulnerability in IBM API Connect 10.0.0.0/10.0.1.0
IBM API Connect V10 is impacted by insecure communications during database replication.
network
low complexity
ibm CWE-319
7.5
2020-09-03 CVE-2020-4638 Unspecified vulnerability in IBM API Connect
IBM API Connect's API Manager 2018.4.1.0 through 2018.4.1.12 is vulnerable to privilege escalation.
network
low complexity
ibm
7.2
2020-06-29 CVE-2020-4452 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM API Connect
IBM API Connect V2018.4.1.0 through 2018.4.1.11 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-327
7.5
2020-03-24 CVE-2019-4553 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM API Connect
IBM API Connect V5.0.0.0 through 5.0.8.7iFix3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-327
7.5
2019-12-18 CVE-2019-4609 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM API Connect 2018.4.1.7
IBM API Connect 2018.4.1.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-327
7.5
2019-08-20 CVE-2019-4460 Path Traversal vulnerability in IBM API Connect
IBM API Connect 5.0.0.0 through 5.0.8.6 developer portal could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm CWE-22
7.5
2019-08-20 CVE-2019-4402 Unspecified vulnerability in IBM API Connect
IBM API Connect 2018.1 through 2018.4.1.6 developer portal could allow an unauthorized user to cause a denial of service via an unprotected API.
network
low complexity
ibm
7.5
2019-06-25 CVE-2018-1858 Cross-Site Request Forgery (CSRF) vulnerability in IBM API Connect
IBM API Connect 5.0.0.0 through 5.0.8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8