Computer vulnerabilities of IBM API Connect

IBM API Connect: Cross Site Scripting via Web UI
An attacker can trigger a Cross Site Scripting via Web UI of IBM API Connect, in order to run JavaScript code in the context of the web site...
6209125, CVE-2020-4251, VIGILANCE-VUL-32528

Drupal Core 7: open redirect via drupal_goto
An attacker can deceive the user via drupal_goto() of Drupal Core 7, in order to redirect him to a malicious site...
6226330, CVE-2020-13662, DLA-2250-1, DRUPAL-SA-CORE-2020-002, DRUPAL-SA-CORE-2020-003, FEDORA-2020-11be4b36d4, VIGILANCE-VUL-32314

PHP: memory leak
An attacker can create a memory leak of PHP, in order to trigger a denial of service...
6253313, 78875, 78876, CERTFR-2020-AVI-292, CERTFR-2020-AVI-371, CVE-2019-11048, DLA-2261-1, DSA-4717-1, DSA-4719-1, FEDORA-2020-3ea2253402, FEDORA-2020-8838d072d5, FEDORA-2020-9fa7f4e25c, openSUSE-SU-2020:0847-1, SUSE-SU-2020:1661-1, SUSE-SU-2020:1661-2, SUSE-SU-2020:1714-1, USN-4375-1, VIGILANCE-VUL-32274

IBM API Connect: information disclosure via management server
An attacker can bypass access restrictions to data via management server of IBM API Connect, in order to obtain sensitive information...
6208032, 6208039, 6208048, 6208052, 6208328, 6208330, 6208332, 6208333, 6208336, CVE-2020-4346, VIGILANCE-VUL-32230

IBM API Connect: privilege escalation via clickjacking
An attacker can bypass restrictions via clickjacking of IBM API Connect, in order to escalate his privileges...
6208032, 6208039, 6208048, 6208052, 6208328, 6208330, 6208332, 6208333, 6208336, CVE-2020-4195, VIGILANCE-VUL-32229

PHP: multiple vulnerabilities
An attacker can use several vulnerabilities of PHP...
6250489, 79330, 79465, CERTFR-2020-AVI-228, CVE-2020-7067, DLA-2188-1, DSA-4717-1, DSA-4719-1, FEDORA-2020-62ee541bbb, FEDORA-2020-96cb012029, VIGILANCE-VUL-32047

jQuery Core: Cross Site Scripting via HtmlPrefilter Regex
An attacker can trigger a Cross Site Scripting via HtmlPrefilter Regex of jQuery Core, in order to run JavaScript code in the context of the web site...
20200601, 20200602, 20200603, 20200604, 20200605, 6217392, 6253319, CERTFR-2020-AVI-310, CERTFR-2020-AVI-335, cpujul2020, CVE-2020-11022, CVE-2020-11023, DRUPAL-SA-CORE-2020-002, DRUPAL-SA-CORE-2020-003, DSA-4693-1, FEDORA-2020-11be4b36d4, FEDORA-2020-7dddce530c, FEDORA-2020-8a15713da2, K02453220, K66544153, NPM-1518, openSUSE-SU-2020:1060-1, openSUSE-SU-2020:1106-1, VIGILANCE-VUL-32007

Kubernetes: overload via kube-apiserver YAML
An attacker can trigger an overload via kube-apiserver YAML of Kubernetes, in order to trigger a denial of service...
6208032, 6208039, 6208048, 6208052, 6208328, 6208330, 6208332, 6208333, 6208336, 89535, CVE-2019-11254, VIGILANCE-VUL-31915

Kubernetes: denial of service via API Server
An attacker can trigger a fatal error via API Server of Kubernetes, in order to trigger a denial of service...
6234196, CVE-2020-8552, VIGILANCE-VUL-31861

Kubernetes: denial of service via Kubelet
An attacker can trigger a fatal error via Kubelet of Kubernetes, in order to trigger a denial of service...
6234196, CVE-2020-8551, VIGILANCE-VUL-31860

Our database contains other pages. You can request a free trial to read them.

Display information about IBM API Connect:

https://www.ibm.com/cloud/api-connect?loc=fr-fr