The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of IBM API Connect

2	IBM API Connect: directory traversal An attacker can traverse directories of IBM API Connect, in order to read a file outside the service root path... CVE-2019-4460, ibm10960848, VIGILANCE-VUL-30119

2	IBM API Connect: information disclosure via API Swagger An attacker can bypass access restrictions to data via API Swagger of IBM API Connect, in order to obtain sensitive information... CVE-2019-4437, ibm10960876, VIGILANCE-VUL-30118

2	Go: information disclosure via Message Forgery An attacker can bypass access restrictions to data via Message Forgery of Go, in order to obtain sensitive information... CVE-2019-11841, DLA-1920-1, ibm10960884, VIGILANCE-VUL-30047

2	Go: executing DLL code An attacker can create a malicious DLL, and then put it in the current directory of Go, in order to execute code... CVE-2019-9634, ibm10960882, VIGILANCE-VUL-30046

2	Go: information disclosure via Process Creation An attacker can bypass access restrictions to data via Process Creation of Go, in order to obtain sensitive information... CVE-2019-11888, ibm10960850, VIGILANCE-VUL-30045

2	IBM API Connect: denial of service via Unprotected API An attacker can trigger a fatal error via Unprotected API of IBM API Connect, in order to trigger a denial of service... CVE-2019-4402, ibm10958193, VIGILANCE-VUL-30044

2	Node.js static-resource-server: file reading via Appended Slash A local attacker can read a file via Appended Slash of Node.js static-resource-server, in order to obtain sensitive information... CVE-2018-16493, ibm10958783, VIGILANCE-VUL-29941

2	Drupal Advanced Forum: Cross Site Scripting An attacker can trigger a Cross Site Scripting of Drupal Advanced Forum, in order to run JavaScript code in the context of the web site... DRUPAL-SA-CONTRIB-2019-054, ibm10960880, VIGILANCE-VUL-29635

2	IBM API Connect: Cross Site Request Forgery An attacker can trigger a Cross Site Request Forgery of IBM API Connect, in order to force the victim to perform operations... CVE-2018-1858, ibm10794169, VIGILANCE-VUL-29627

2	Kubernetes: directory traversal via kubectl cp An attacker can traverse directories via kubectl cp of Kubernetes, in order to read a file outside the service root path... CVE-2019-11246, FEDORA-2019-2b8ef08c95, ibm10960606, VIGILANCE-VUL-29589

Our database contains other pages. You can request a free trial to read them.

Display information about IBM API Connect:

https://www.ibm.com/cloud/api-connect?loc=fr-fr