Vulnerabilities > IBM > API Connect > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-08-22 | CVE-2018-1599 | Improper Input Validation vulnerability in IBM API Connect IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker to hijack the clicking action of the victim. | 5.4 |
2018-07-09 | CVE-2018-1548 | Information Exposure vulnerability in IBM API Connect IBM API Connect 2018.1.0.0, 2018.2.1, 2018.2.2, 2018.2.3, and 2018.2.4 contains a vulnerability that could allow an authenticated user to obtain sensitive information. | 4.3 |
2018-07-06 | CVE-2018-1546 | Information Exposure vulnerability in IBM API Connect IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
2018-05-31 | CVE-2018-1532 | Information Exposure vulnerability in IBM API Connect IBM API Connect 5.0.0.0 through 5.0.8.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. | 4.3 |
2018-05-02 | CVE-2018-1468 | Information Exposure vulnerability in IBM API Connect 5.0.8.1/5.0.8.2 IBM API Connect 5.0.8.1 and 5.0.8.2 could allow a user to get access to internal environment and sensitive API details to which they are not authorized. | 4.3 |
2018-04-30 | CVE-2018-1430 | Cross-site Scripting vulnerability in IBM API Connect IBM API Connect 5.0.0.0 through 5.0.8.2 is vulnerable to cross-site scripting. | 5.4 |
2018-04-30 | CVE-2018-1389 | Unspecified vulnerability in IBM API Connect IBM API Connect 5.0.0.0 through 5.0.8.2 is impacted by generated LoopBack APIs for a Model using the BelongsTo/HasMany relationship allowing unauthorized modification of information. | 6.5 |
2018-02-07 | CVE-2018-1382 | Cross-site Scripting vulnerability in IBM API Connect IBM API Connect 5.0.0.0 is vulnerable to cross-site scripting. | 5.4 |
2018-02-07 | CVE-2017-1785 | Information Exposure vulnerability in IBM API Connect IBM API Connect 5.0.7 and 5.0.8 could allow an authenticated remote user to modify query parameters to obtain sensitive information. | 4.3 |
2017-09-25 | CVE-2017-1555 | Improper Input Validation vulnerability in IBM API Connect IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated user to generate an API token when not subscribed to the application plan. | 4.3 |