The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of IBM API Connect

CKEditor: Cross Site Scripting
An attacker can trigger a Cross Site Scripting vulnerability in CKEditor, in order to run JavaScript code in the context of the web site...
6208032, 6208039, 6208048, 6208052, 6208328, 6208330, 6208332, 6208333, 6208336, CERTFR-2020-AVI-163, DRUPAL-SA-CORE-2020-001, VIGILANCE-VUL-31824
IBM API Connect: information disclosure via Weak Cryptographic Algorithms
An attacker can bypass access restrictions to data via Weak Cryptographic Algorithms of IBM API Connect, in order to obtain sensitive information...
5693588, CVE-2019-4553, VIGILANCE-VUL-31795
nginx: information disclosure via error_page Request Smuggling
An attacker can bypass access restrictions to data via error_page Request Smuggling of nginx, in order to obtain sensitive information...
6208032, 6208039, 6208048, 6208052, 6208328, 6208330, 6208332, 6208333, 6208336, CVE-2019-20372, openSUSE-SU-2020:0204-1, SUSE-SU-2020:0348-1, SUSE-SU-2020:1171-1, USN-4235-1, USN-4235-2, VIGILANCE-VUL-31301
IBM API Connect: information disclosure via Weak Cryptographic Algorithms
An attacker can bypass access restrictions to data via Weak Cryptographic Algorithms of IBM API Connect, in order to obtain sensitive information...
1137460, CVE-2019-4609, VIGILANCE-VUL-31176
IBM API Connect Developer Portal: privilege escalation via Credential Caching
An attacker can bypass restrictions via Credential Caching of IBM API Connect Developer Portal, in order to escalate their privileges...
1126833, CVE-2019-4444, VIGILANCE-VUL-31171
Go: assertion error via dsa.Verify
An attacker can force an assertion error via dsa.Verify() of Go, in order to trigger a denial of service...
1283668, CVE-2019-17596, DSA-4551-1, ESA-2019-15, ESA-2019-16, openSUSE-SU-2019:2521-1, openSUSE-SU-2019:2522-1, RHSA-2020:0329-01, SUSE-SU-2019:2940-1, VIGILANCE-VUL-30722
IBM API Connect: information disclosure via Developer Portal
An attacker can bypass access restrictions to data via Developer Portal of IBM API Connect, in order to obtain sensitive information...
1079127, CVE-2019-4600, VIGILANCE-VUL-30714
Kubernetes: infinite loop via JSON/YAML Decoding
An attacker can trigger an infinite loop via JSON/YAML Decoding of Kubernetes, in order to trigger a denial of service...
1167142, 83253, CVE-2019-11253, VIGILANCE-VUL-30640
Kubernetes: directory traversal via Kubectl Symlinks
An attacker can traverse directories via Kubectl Symlinks of Kubernetes, in order to create a file outside the service root path...
1274986, CVE-2019-11251, VIGILANCE-VUL-30362
IBM API Connect: directory traversal
An attacker can traverse directories of IBM API Connect, in order to read a file outside the service root path...
CVE-2019-4460, ibm10960848, VIGILANCE-VUL-30119