The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of IBM API Connect

computer vulnerability bulletin CVE-2018-1991

IBM API Connect: information disclosure

Synthesis of the vulnerability

An attacker can bypass access restrictions to data of IBM API Connect, in order to obtain sensitive information.
Impacted products: IBM API Connect.
Severity: 1/4.
Consequences: data reading.
Provenance: user account.
Creation date: 20/05/2019.
Identifiers: CVE-2018-1991, ibm10871970, VIGILANCE-VUL-29358.


computer vulnerability bulletin CVE-2016-10531

Node.js marked: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in the Node.js marked module, in order to run JavaScript code in the context of the web site.
Impacted products: IBM API Connect, Nodejs Modules ~ not comprehensive.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 30/04/2019.
Identifiers: CVE-2016-10531, ibm10882578, ibm10882596, ibm10882756, ibm10882762, ibm10882952, ibm10882956, ibm10885478, VIGILANCE-VUL-29158.


computer vulnerability announce CVE-2018-3721

Node.js lodash: privilege escalation

Synthesis of the vulnerability

An attacker can bypass restrictions in the Node.js lodash module, in order to escalate their privileges.
Impacted products: IBM API Connect, Nodejs Modules ~ not comprehensive.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: document.
Creation date: 30/04/2019.
Identifiers: CVE-2018-3721, ibm10882578, ibm10882596, ibm10882756, ibm10882762, ibm10882952, ibm10882956, ibm10885478, VIGILANCE-VUL-29157.


computer vulnerability alert CVE-2018-2015

IBM API Connect: privilege escalation via clickjacking

Synthesis of the vulnerability

An attacker can bypass restrictions of IBM API Connect via clickjacking, in order to escalate their privileges.
Impacted products: IBM API Connect.
Severity: 2/4.
Consequences: user access/rights, client access/rights.
Provenance: document.
Creation date: 30/04/2019.
Identifiers: CVE-2018-2015, ibm10882578, ibm10882596, ibm10882756, ibm10882762, ibm10882952, ibm10882956, VIGILANCE-VUL-29156.


vulnerability CVE-2019-10909 CVE-2019-11358

jQuery, Symfony: Cross Site Scripting via templates

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via templates for Symfony, in order to run JavaScript code in the context of the web site.
Impacted products: Debian, Drupal Core, Fedora, Grafana, IBM API Connect, Joomla Extensions ~ not comprehensive, Red Hat SSO, Symfony, Synology DSM, TYPO3 Core.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 18/04/2019.
Identifiers: CERTFR-2019-AVI-180, CVE-2019-10909, CVE-2019-11358, DLA-1777-1, DLA-1777-2, DLA-1778-1, DLA-1797-1, DRUPAL-SA-CORE-2019-005, DRUPAL-SA-CORE-2019-006, DSA-4434-1, DSA-4441-1, FEDORA-2019-2a7f472198, FEDORA-2019-32067d8b15, FEDORA-2019-3ee6a7adf2, FEDORA-2019-a3ca65028c, FEDORA-2019-f8db687840, ibm10882578, ibm10882596, ibm10882756, ibm10882762, ibm10882952, ibm10882956, RHSA-2019:1456-01, Synology-SA-19:19, TYPO3-CORE-SA-2019-009, TYPO3-CORE-SA-2019-010, TYPO3-CORE-SA-2019-011, TYPO3-CORE-SA-2019-012, TYPO3-CORE-SA-2019-013, TYPO3-PSA-2019-004, TYPO3-PSA-2019-005, TYPO3-PSA-2019-006, VIGILANCE-VUL-29070.


computer vulnerability CVE-2019-10911

Symfony, Drupal: privilege escalation via the "remember me" cookie

Synthesis of the vulnerability

An attacker can bypass restrictions via the "remember me" cookie of Symfony or Drupal, in order to escalate their privileges.
Impacted products: Debian, Drupal Core, Fedora, IBM API Connect, Symfony, Synology DSM.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: internet client.
Creation date: 18/04/2019.
Identifiers: CERTFR-2019-AVI-180, CVE-2019-10911, DLA-1778-1, DRUPAL-SA-CORE-2019-005, DRUPAL-SA-CORE-2019-006, DSA-4441-1, FEDORA-2019-2a7f472198, FEDORA-2019-32067d8b15, FEDORA-2019-3ee6a7adf2, FEDORA-2019-a3ca65028c, FEDORA-2019-f8db687840, ibm10882578, ibm10882596, ibm10882756, ibm10882762, ibm10882952, ibm10882956, Synology-SA-19:19, VIGILANCE-VUL-29065.


vulnerability note CVE-2019-10910

Symfony, Drupal: code execution via service IDs

Synthesis of the vulnerability

An attacker can exploit a vulnerability via service IDs of Symfony or Drupal, in order to run code.
Impacted products: Debian, Drupal Core, Fedora, IBM API Connect, Symfony, Synology DSM.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: internet client.
Creation date: 18/04/2019.
Identifiers: CERTFR-2019-AVI-180, CVE-2019-10910, DLA-1778-1, DRUPAL-SA-CORE-2019-005, DRUPAL-SA-CORE-2019-006, DSA-4441-1, FEDORA-2019-2a7f472198, FEDORA-2019-32067d8b15, FEDORA-2019-3ee6a7adf2, FEDORA-2019-a3ca65028c, FEDORA-2019-f8db687840, ibm10882578, ibm10882596, ibm10882756, ibm10882762, ibm10882952, ibm10882956, Synology-SA-19:19, VIGILANCE-VUL-29064.


vulnerability announce CVE-2019-4203

IBM API Connect: file reading via Developer Portal File Inclusion

Synthesis of the vulnerability

A local attacker can read a file via Developer Portal File Inclusion of IBM API Connect, in order to obtain sensitive information.
Impacted products: IBM API Connect.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 11/04/2019.
Identifiers: CVE-2019-4203, ibm10880569, VIGILANCE-VUL-29002.


vulnerability note CVE-2019-11034 CVE-2019-11035

PHP: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in PHP.
Impacted products: Debian, Fedora, IBM API Connect, openSUSE Leap, PHP, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 04/04/2019.
Identifiers: 77753, 77831, CERTFR-2019-AVI-146, CVE-2019-11034, CVE-2019-11035, DLA-1803-1, FEDORA-2019-253da50ddd, FEDORA-2019-da36d5d484, ibm10882572, openSUSE-SU-2019:1501-1, openSUSE-SU-2019:1503-1, openSUSE-SU-2019:1572-1, openSUSE-SU-2019:1573-1, SUSE-SU-2019:1325-1, SUSE-SU-2019:1360-1, SUSE-SU-2019:1365-1, SUSE-SU-2019:1461-1, USN-3953-1, USN-3953-2, VIGILANCE-VUL-28944.


vulnerability bulletin CVE-2019-4051

IBM API Connect: information disclosure via URIs

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via URIs of IBM API Connect, in order to obtain sensitive information.
Impacted products: IBM API Connect, I-Connect.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Creation date: 04/04/2019.
Identifiers: CVE-2019-4051, ibm10879395, VIGILANCE-VUL-28943.
