The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of IBM API Connect

Bootstrap: Cross Site Scripting via Tooltip Data-container Property
An attacker can trigger a Cross Site Scripting attack via the Tooltip data-container property of Bootstrap, in order to run JavaScript code in the context of the web site...
CVE-2018-14042, ibm10880955, RHSA-2020:3936-01, RHSA-2020:4670-01, RHSA-2020:4847-01, VIGILANCE-VUL-33456
IBM API Connect: privilege escalation via API Manager
An attacker can bypass restrictions via the API Manager of IBM API Connect, in order to escalate their privileges...
6324751, CVE-2020-4638, VIGILANCE-VUL-33240
IBM API Connect: information disclosure via Registration Emails Phishing Attacks
An attacker can bypass access restrictions to data via Registration Emails Phishing Attacks of IBM API Connect, in order to obtain sensitive information...
6324763, CVE-2020-4337, VIGILANCE-VUL-33239
Go: overload via ReadUvarint
An attacker can trigger an overload via ReadUvarint() of Go, in order to trigger a denial of service...
6344299, CVE-2020-16845, DLA-2459-1, DLA-2460-1, FEDORA-2020-deff052e7a, FEDORA-2020-e384830a0d, openSUSE-SU-2020:1178-1, openSUSE-SU-2020:1194-1, openSUSE-SU-2020:1405-1, openSUSE-SU-2020:1407-1, RHSA-2020:3665-01, SUSE-SU-2020:2562-1, VIGILANCE-VUL-33042
PHP: use after free via phar_parse_zipfile
An attacker can force the usage of a freed memory area via phar_parse_zipfile() of PHP, in order to trigger a denial of service, and possibly to run code...
6396428, 79797, CERTFR-2020-AVI-488, CVE-2020-7068, DLA-2345-1, FEDORA-2020-8e36afc743, FEDORA-2020-96124cc236, openSUSE-SU-2020:1354-1, openSUSE-SU-2020:1356-1, SUSE-SU-2020:2403-1, SUSE-SU-2020:2404-1, SUSE-SU-2020:2405-1, SUSE-SU-2020:2455-1, SUSE-SU-2020:2456-1, SUSE-SU-2020:2477-1, VIGILANCE-VUL-33030
Kubernetes: privilege escalation via kube-apiserver
An attacker can bypass restrictions via kube-apiserver of Kubernetes, in order to escalate their privileges...
6344297, CVE-2020-8559, VIGILANCE-VUL-32841
Kubernetes: denial of service via kubelet /etc/hosts
An attacker can trigger a fatal error via kubelet /etc/hosts of Kubernetes, in order to trigger a denial of service...
6344297, CVE-2020-8557, VIGILANCE-VUL-32840
IBM API Connect V 2018: information disclosure via Weak Cryptographic Algorithms
An attacker can bypass access restrictions to data via Weak Cryptographic Algorithms of IBM API Connect V 2018, in order to obtain sensitive information...
6240322, CVE-2020-4452, VIGILANCE-VUL-32634
Drupal Internationalization: Cross Site Scripting
An attacker can trigger a Cross Site Scripting attack in Drupal Internationalization, in order to run JavaScript code in the context of the web site...
6240304, DRUPAL-SA-CONTRIB-2020-025, VIGILANCE-VUL-32571
Drupal Core: privilege escalation via JSON:API PATCH Requests
An attacker can bypass restrictions via JSON:API PATCH Requests of Drupal Core, in order to escalate their privileges...
6240310, CERTFR-2020-AVI-381, CVE-2020-13665, DRUPAL-SA-CORE-2020-006, VIGILANCE-VUL-32570