Computer vulnerabilities of IBM API Connect

Bootstrap: Cross Site Scripting via Tooltip Data-container Property
An attacker can trigger a Cross Site Scripting via Tooltip Data-container Property of Bootstrap, in order to run JavaScript code in the context of the web site...
CVE-2018-14042, ibm10880955, RHSA-2020:3936-01, RHSA-2020:4670-01, RHSA-2020:4847-01, VIGILANCE-VUL-33456

IBM API Connect: privilege escalation via API Manager
An attacker can bypass restrictions via API Manager of IBM API Connect, in order to escalate his privileges...
6324751, CVE-2020-4638, VIGILANCE-VUL-33240

IBM API Connect: information disclosure via Registration Emails Phishing Attacks
An attacker can bypass access restrictions to data via Registration Emails Phishing Attacks of IBM API Connect, in order to obtain sensitive information...
6324763, CVE-2020-4337, VIGILANCE-VUL-33239

Go: overload via ReadUvarint
An attacker can trigger an overload via ReadUvarint() of Go, in order to trigger a denial of service...
6344299, CVE-2020-16845, DLA-2459-1, DLA-2460-1, FEDORA-2020-deff052e7a, FEDORA-2020-e384830a0d, openSUSE-SU-2020:1178-1, openSUSE-SU-2020:1194-1, openSUSE-SU-2020:1405-1, openSUSE-SU-2020:1407-1, RHSA-2020:3665-01, SUSE-SU-2020:2562-1, VIGILANCE-VUL-33042

PHP: use after free via phar_parse_zipfile
An attacker can force the usage of a freed memory area via phar_parse_zipfile() of PHP, in order to trigger a denial of service, and possibly to run code...
6396428, 79797, CERTFR-2020-AVI-488, CVE-2020-7068, DLA-2345-1, FEDORA-2020-8e36afc743, FEDORA-2020-96124cc236, openSUSE-SU-2020:1354-1, openSUSE-SU-2020:1356-1, SUSE-SU-2020:2403-1, SUSE-SU-2020:2404-1, SUSE-SU-2020:2405-1, SUSE-SU-2020:2455-1, SUSE-SU-2020:2456-1, SUSE-SU-2020:2477-1, VIGILANCE-VUL-33030

Kubernetes: privilege escalation via kube-apiserver
An attacker can bypass restrictions via kube-apiserver of Kubernetes, in order to escalate his privileges...
6344297, CVE-2020-8559, VIGILANCE-VUL-32841

Kubernetes: denial of service via kubelet /etc/hosts
An attacker can trigger a fatal error via kubelet /etc/hosts of Kubernetes, in order to trigger a denial of service...
6344297, CVE-2020-8557, VIGILANCE-VUL-32840

IBM API Connect V 2018: information disclosure via Weak Cryptographic Algorithms
An attacker can bypass access restrictions to data via Weak Cryptographic Algorithms of IBM API Connect V 2018, in order to obtain sensitive information...
6240322, CVE-2020-4452, VIGILANCE-VUL-32634

Drupal Internationalization: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of Drupal Internationalization, in order to run JavaScript code in the context of the web site...
6240304, DRUPAL-SA-CONTRIB-2020-025, VIGILANCE-VUL-32571

Drupal Core: privilege escalation via JSON-API PATCH Requests
An attacker can bypass restrictions via JSON:API PATCH Requests of Drupal Core, in order to escalate his privileges...
6240310, CERTFR-2020-AVI-381, CVE-2020-13665, DRUPAL-SA-CORE-2020-006, VIGILANCE-VUL-32570

Our database contains other pages. You can request a free trial to read them.

Display information about IBM API Connect:

https://www.ibm.com/cloud/api-connect?loc=fr-fr