Vulnerabilities > IBM > API Connect > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-08-22 CVE-2018-1599 Improper Input Validation vulnerability in IBM API Connect
IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker to hijack the clicking action of the victim.
network
low complexity
ibm CWE-20
5.4
2018-07-09 CVE-2018-1548 Information Exposure vulnerability in IBM API Connect
IBM API Connect 2018.1.0.0, 2018.2.1, 2018.2.2, 2018.2.3, and 2018.2.4 contains a vulnerability that could allow an authenticated user to obtain sensitive information.
network
low complexity
ibm CWE-200
4.3
2018-05-31 CVE-2018-1532 Information Exposure vulnerability in IBM API Connect
IBM API Connect 5.0.0.0 through 5.0.8.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system.
network
low complexity
ibm CWE-200
4.3
2018-05-02 CVE-2018-1468 Information Exposure vulnerability in IBM API Connect 5.0.8.1/5.0.8.2
IBM API Connect 5.0.8.1 and 5.0.8.2 could allow a user to get access to internal environment and sensitive API details to which they are not authorized.
network
low complexity
ibm CWE-200
4.3
2018-04-30 CVE-2018-1430 Cross-site Scripting vulnerability in IBM API Connect
IBM API Connect 5.0.0.0 through 5.0.8.2 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2018-04-30 CVE-2018-1389 Unspecified vulnerability in IBM API Connect
IBM API Connect 5.0.0.0 through 5.0.8.2 is impacted by generated LoopBack APIs for a Model using the BelongsTo/HasMany relationship allowing unauthorized modification of information.
network
low complexity
ibm
6.5
2018-02-07 CVE-2018-1382 Cross-site Scripting vulnerability in IBM API Connect
IBM API Connect 5.0.0.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2018-02-07 CVE-2017-1785 Information Exposure vulnerability in IBM API Connect
IBM API Connect 5.0.7 and 5.0.8 could allow an authenticated remote user to modify query parameters to obtain sensitive information.
network
low complexity
ibm CWE-200
4.3
2017-09-25 CVE-2017-1555 Improper Input Validation vulnerability in IBM API Connect
IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated user to generate an API token when not subscribed to the application plan.
network
low complexity
ibm CWE-20
4.3
2017-09-25 CVE-2017-1551 Improper Input Validation vulnerability in IBM API Connect
IBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote attacker to hijack the clicking action of the victim.
network
low complexity
ibm CWE-20
6.1