| The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them. |
|
 |
|
|
Computer vulnerabilities of IBM API Connect
IBM API Connect: information disclosure
Synthesis of the vulnerability
An attacker can bypass access restrictions to data of IBM API Connect, in order to obtain sensitive information.
Impacted products: IBM API Connect.
Severity: 1/4.
Consequences: data reading.
Provenance: user account.
Creation date: 20/05/2019.
Identifiers: CVE-2018-1991, ibm10871970, VIGILANCE-VUL-29358.
Description of the vulnerability
An attacker can bypass access restrictions to data of IBM API Connect, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
Node.js marked: Cross Site Scripting
Synthesis of the vulnerability
An attacker can trigger a Cross Site Scripting of Node.js marked, in order to run JavaScript code in the context of the web site.
Impacted products: IBM API Connect, Nodejs Modules ~ not comprehensive.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 30/04/2019.
Identifiers: CVE-2016-10531, ibm10882578, ibm10882596, ibm10882756, ibm10882762, ibm10882952, ibm10882956, ibm10885478, VIGILANCE-VUL-29158.
Description of the vulnerability
An attacker can trigger a Cross Site Scripting of Node.js marked, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial) |
Node.js lodash: privilege escalation
Synthesis of the vulnerability
An attacker can bypass restrictions of Node.js lodash, in order to escalate his privileges.
Impacted products: IBM API Connect, Nodejs Modules ~ not comprehensive.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: document.
Creation date: 30/04/2019.
Identifiers: CVE-2018-3721, ibm10882578, ibm10882596, ibm10882756, ibm10882762, ibm10882952, ibm10882956, ibm10885478, VIGILANCE-VUL-29157.
Description of the vulnerability
An attacker can bypass restrictions of Node.js lodash, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial) |
IBM API Connect: privilege escalation via clickjacking
Synthesis of the vulnerability
An attacker can bypass restrictions via clickjacking of IBM API Connect, in order to escalate his privileges.
Impacted products: IBM API Connect.
Severity: 2/4.
Consequences: user access/rights, client access/rights.
Provenance: document.
Creation date: 30/04/2019.
Identifiers: CVE-2018-2015, ibm10882578, ibm10882596, ibm10882756, ibm10882762, ibm10882952, ibm10882956, VIGILANCE-VUL-29156.
Description of the vulnerability
An attacker can bypass restrictions via clickjacking of IBM API Connect, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial) |
jQuery, Symfony: Cross Site Scripting via templates
Synthesis of the vulnerability
An attacker can trigger a Cross Site Scripting via templates for Symfony, in order to run JavaScript code in the context of the web site.
Impacted products: Debian, Drupal Core, Fedora, Grafana, IBM API Connect, Joomla Extensions ~ not comprehensive, Red Hat SSO, Symfony, Synology DSM, TYPO3 Core.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 18/04/2019.
Identifiers: CERTFR-2019-AVI-180, CVE-2019-10909, CVE-2019-11358, DLA-1777-1, DLA-1777-2, DLA-1778-1, DLA-1797-1, DRUPAL-SA-CORE-2019-005, DRUPAL-SA-CORE-2019-006, DSA-4434-1, DSA-4441-1, FEDORA-2019-2a7f472198, FEDORA-2019-32067d8b15, FEDORA-2019-3ee6a7adf2, FEDORA-2019-a3ca65028c, FEDORA-2019-f8db687840, ibm10882578, ibm10882596, ibm10882756, ibm10882762, ibm10882952, ibm10882956, RHSA-2019:1456-01, Synology-SA-19:19, TYPO3-CORE-SA-2019-009, TYPO3-CORE-SA-2019-010, TYPO3-CORE-SA-2019-011, TYPO3-CORE-SA-2019-012, TYPO3-CORE-SA-2019-013, TYPO3-PSA-2019-004, TYPO3-PSA-2019-005, TYPO3-PSA-2019-006, VIGILANCE-VUL-29070.
Description of the vulnerability
An attacker can trigger a Cross Site Scripting via templates for Symfony, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial) |
Symfony, Drupal: privilege escalation via the "remember me" cookie
Synthesis of the vulnerability
An attacker can bypass restrictions via the "remember me" cookie of Symfony or Drupal, in order to escalate his privileges.
Impacted products: Debian, Drupal Core, Fedora, IBM API Connect, Symfony, Synology DSM.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: internet client.
Creation date: 18/04/2019.
Identifiers: CERTFR-2019-AVI-180, CVE-2019-10911, DLA-1778-1, DRUPAL-SA-CORE-2019-005, DRUPAL-SA-CORE-2019-006, DSA-4441-1, FEDORA-2019-2a7f472198, FEDORA-2019-32067d8b15, FEDORA-2019-3ee6a7adf2, FEDORA-2019-a3ca65028c, FEDORA-2019-f8db687840, ibm10882578, ibm10882596, ibm10882756, ibm10882762, ibm10882952, ibm10882956, Synology-SA-19:19, VIGILANCE-VUL-29065.
Description of the vulnerability
An attacker can bypass restrictions via the "remember me" cookie of Symfony or Drupal, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial) |
Symfony, Drupal: code execution via service IDs
Synthesis of the vulnerability
An attacker can use a vulnerability via service IDs of Symfony or Drupal, in order to run code.
Impacted products: Debian, Drupal Core, Fedora, IBM API Connect, Symfony, Synology DSM.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: internet client.
Creation date: 18/04/2019.
Identifiers: CERTFR-2019-AVI-180, CVE-2019-10910, DLA-1778-1, DRUPAL-SA-CORE-2019-005, DRUPAL-SA-CORE-2019-006, DSA-4441-1, FEDORA-2019-2a7f472198, FEDORA-2019-32067d8b15, FEDORA-2019-3ee6a7adf2, FEDORA-2019-a3ca65028c, FEDORA-2019-f8db687840, ibm10882578, ibm10882596, ibm10882756, ibm10882762, ibm10882952, ibm10882956, Synology-SA-19:19, VIGILANCE-VUL-29064.
Description of the vulnerability
An attacker can use a vulnerability via service IDs of Symfony or Drupal, in order to run code.
Full Vigil@nce bulletin... (Free trial) |
IBM API Connect: file reading via Developer Portal File Inclusion
Synthesis of the vulnerability
A local attacker can read a file via Developer Portal File Inclusion of IBM API Connect, in order to obtain sensitive information.
Impacted products: IBM API Connect.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 11/04/2019.
Identifiers: CVE-2019-4203, ibm10880569, VIGILANCE-VUL-29002.
Description of the vulnerability
A local attacker can read a file via Developer Portal File Inclusion of IBM API Connect, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
PHP: multiple vulnerabilities
Synthesis of the vulnerability
An attacker can use several vulnerabilities of PHP.
Impacted products: Debian, Fedora, IBM API Connect, openSUSE Leap, PHP, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 04/04/2019.
Identifiers: 77753, 77831, CERTFR-2019-AVI-146, CVE-2019-11034, CVE-2019-11035, DLA-1803-1, FEDORA-2019-253da50ddd, FEDORA-2019-da36d5d484, ibm10882572, openSUSE-SU-2019:1501-1, openSUSE-SU-2019:1503-1, openSUSE-SU-2019:1572-1, openSUSE-SU-2019:1573-1, SUSE-SU-2019:1325-1, SUSE-SU-2019:1360-1, SUSE-SU-2019:1365-1, SUSE-SU-2019:1461-1, USN-3953-1, USN-3953-2, VIGILANCE-VUL-28944.
Description of the vulnerability
An attacker can use several vulnerabilities of PHP.
Full Vigil@nce bulletin... (Free trial) |
IBM API Connect: information disclosure via URIs
Synthesis of the vulnerability
An attacker can bypass access restrictions to data via URIs of IBM API Connect, in order to obtain sensitive information.
Impacted products: IBM API Connect, I-Connect.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Creation date: 04/04/2019.
Identifiers: CVE-2019-4051, ibm10879395, VIGILANCE-VUL-28943.
Description of the vulnerability
An attacker can bypass access restrictions to data via URIs of IBM API Connect, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
Our database contains other pages. You can request a free trial to read them.
Display information about IBM API Connect:
|