Vulnerabilities > IBM > API Connect > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-04 | CVE-2020-4640 | Information Exposure vulnerability in IBM API Connect Certain IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 configurations can result in sensitive information in the URL fragment identifiers. | 4.1 |
| 2021-01-12 | CVE-2020-4838 | Cross-site Scripting vulnerability in IBM API Connect IBM API Connect 5.0.0.0 through 5.0.8.10 is vulnerable to stored cross-site scripting. | 5.4 |
| 2020-09-03 | CVE-2020-4337 | Unspecified vulnerability in IBM API Connect IBM API Connect 2018.4.1.0 through 2018.4.1.12 could allow an attacker to launch phishing attacks by tricking the server to generate user registration emails that contain malicious URLs. | 6.5 |
| 2020-06-12 | CVE-2020-4251 | Cross-site Scripting vulnerability in IBM API Connect IBM API Connect 5.0.0.0 through 5.0.8.8 is vulnerable to cross-site scripting. | 5.4 |
| 2020-05-12 | CVE-2020-4346 | Unspecified vulnerability in IBM API Connect IBM API Connect's V2018.4.1.0 through 2018.4.1.10 management server has an unsecured api which can be exploited by an unauthenticated attacker to obtain sensitive information. | 5.3 |
| 2020-05-12 | CVE-2020-4195 | Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM API Connect IBM API Connect V2018.4.1.0 through 2018.4.1.10 could allow a remote attacker to hijack the clicking action of the victim. | 5.4 |
| 2019-12-16 | CVE-2019-4444 | Information Exposure vulnerability in IBM API Connect IBM API Connect 2018.1 through 2018.4.1.7 Developer Portal's user registration page does not disable password autocomplete. | 5.5 |
| 2019-10-29 | CVE-2019-4600 | Unspecified vulnerability in IBM API Connect IBM API Connect version V5.0.0.0 through 5.0.8.7 could reveal sensitive information to an attacker using a specially crafted HTTP request. | 5.3 |
| 2019-08-20 | CVE-2019-4437 | Information Exposure vulnerability in IBM API Connect IBM API Connect 2018.1 through 2018.4.1.6 may inadvertently leak sensitive details about internal servers and network via API swagger. | 5.3 |
| 2019-06-25 | CVE-2019-4382 | Cleartext Transmission of Sensitive Information vulnerability in IBM API Connect IBM API Connect 5.0.0.0 through 5.0.8.6 could allow an unauthorized user to obtain sensitive information about the system users using specially crafted HTTP requests. | 5.3 |