| The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them. |
|
 |
|
|
Computer vulnerabilities of IBM API Connect
Drupal Advanced Forum: Cross Site Scripting
Synthesis of the vulnerability
An attacker can trigger a Cross Site Scripting of Drupal Advanced Forum, in order to run JavaScript code in the context of the web site.
Impacted products: Drupal Modules ~ not comprehensive, IBM API Connect.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 27/06/2019.
Identifiers: DRUPAL-SA-CONTRIB-2019-054, ibm10960880, VIGILANCE-VUL-29635.
Description of the vulnerability
The Advanced Forum module can be installed on Drupal.
However, it does not filter received data before inserting them in generated HTML documents.
An attacker can therefore trigger a Cross Site Scripting of Drupal Advanced Forum, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial) |
IBM API Connect: Cross Site Request Forgery
Synthesis of the vulnerability
An attacker can trigger a Cross Site Request Forgery of IBM API Connect, in order to force the victim to perform operations.
Impacted products: IBM API Connect.
Severity: 2/4.
Consequences: user access/rights.
Provenance: internet client.
Creation date: 26/06/2019.
Identifiers: CVE-2018-1858, ibm10794169, VIGILANCE-VUL-29627.
Description of the vulnerability
The IBM API Connect product offers a web service.
However, the origin of queries is not checked. They can for example originate from an image included in an HTML document.
An attacker can therefore trigger a Cross Site Request Forgery of IBM API Connect, in order to force the victim to perform operations.
Full Vigil@nce bulletin... (Free trial) |
Kubernetes: directory traversal via kubectl cp
Synthesis of the vulnerability
An attacker can traverse directories via kubectl cp of Kubernetes, in order to read a file outside the service root path.
Impacted products: Fedora, IBM API Connect, Kubernetes.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 21/06/2019.
Identifiers: CVE-2019-11246, FEDORA-2019-2b8ef08c95, ibm10960606, VIGILANCE-VUL-29589.
Description of the vulnerability
An attacker can traverse directories via kubectl cp of Kubernetes, in order to read a file outside the service root path.
Full Vigil@nce bulletin... (Free trial) |
IBM API Connect: information disclosure via LoopBack
Synthesis of the vulnerability
An attacker can bypass access restrictions to data via LoopBack of IBM API Connect, in order to obtain sensitive information.
Impacted products: IBM API Connect.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Creation date: 17/06/2019.
Identifiers: CVE-2019-4382, ibm10886747, VIGILANCE-VUL-29539.
Description of the vulnerability
An attacker can bypass access restrictions to data via LoopBack of IBM API Connect, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
IBM API Connect: information disclosure via HTTP Request
Synthesis of the vulnerability
An attacker can bypass access restrictions to data via HTTP Request of IBM API Connect, in order to obtain sensitive information.
Impacted products: IBM API Connect.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 13/06/2019.
Identifiers: CVE-2018-2011, ibm10882932, VIGILANCE-VUL-29528.
Description of the vulnerability
An attacker can bypass access restrictions to data via HTTP Request of IBM API Connect, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
IBM API Connect: information disclosure
Synthesis of the vulnerability
An attacker can bypass access restrictions to data of IBM API Connect, in order to obtain sensitive information.
Impacted products: IBM API Connect.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 13/06/2019.
Identifiers: CVE-2018-2013, ibm10882924, VIGILANCE-VUL-29527.
Description of the vulnerability
An attacker can bypass access restrictions to data of IBM API Connect, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
IBM API Connect: weak encryption
Synthesis of the vulnerability
An attacker can act as a Man-in-the-Middle on IBM API Connect, in order to read or write data in the session.
Impacted products: IBM API Connect.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: internet server.
Creation date: 23/05/2019.
Identifiers: CVE-2019-4256, ibm10882968, VIGILANCE-VUL-29391.
Description of the vulnerability
An attacker can act as a Man-in-the-Middle on IBM API Connect, in order to read or write data in the session.
Full Vigil@nce bulletin... (Free trial) |
IBM API Connect: information disclosure
Synthesis of the vulnerability
An attacker can bypass access restrictions to data of IBM API Connect, in order to obtain sensitive information.
Impacted products: IBM API Connect.
Severity: 1/4.
Consequences: data reading.
Provenance: user account.
Creation date: 20/05/2019.
Identifiers: CVE-2018-1991, ibm10871970, VIGILANCE-VUL-29358.
Description of the vulnerability
An attacker can bypass access restrictions to data of IBM API Connect, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
Node.js marked: Cross Site Scripting
Synthesis of the vulnerability
An attacker can trigger a Cross Site Scripting of Node.js marked, in order to run JavaScript code in the context of the web site.
Impacted products: IBM API Connect, Nodejs Modules ~ not comprehensive.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 30/04/2019.
Identifiers: CVE-2016-10531, ibm10882578, ibm10882596, ibm10882756, ibm10882762, ibm10882952, ibm10882956, ibm10885478, VIGILANCE-VUL-29158.
Description of the vulnerability
An attacker can trigger a Cross Site Scripting of Node.js marked, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial) |
Node.js lodash: privilege escalation
Synthesis of the vulnerability
An attacker can bypass restrictions of Node.js lodash, in order to escalate his privileges.
Impacted products: IBM API Connect, Nodejs Modules ~ not comprehensive.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: document.
Creation date: 30/04/2019.
Identifiers: CVE-2018-3721, ibm10882578, ibm10882596, ibm10882756, ibm10882762, ibm10882952, ibm10882956, ibm10885478, VIGILANCE-VUL-29157.
Description of the vulnerability
An attacker can bypass restrictions of Node.js lodash, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial) |
Our database contains other pages. You can request a free trial to read them.
Display information about IBM API Connect:
|