| The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them. |
|
 |
|
|
Computer vulnerabilities of IBM API Connect
Drupal Core: Cross Site Scripting via File Module/Subsystem
Synthesis of the vulnerability
An attacker can trigger a Cross Site Scripting via File Module/Subsystem of Drupal Core, in order to run JavaScript code in the context of the web site.
Impacted products: Debian, Drupal Core, Fedora, IBM API Connect, I-Connect, Synology DSM.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 20/03/2019.
Identifiers: CVE-2019-6341, DLA-1746-1, DRUPAL-SA-CORE-2019-004, DSA-4412-1, FEDORA-2019-2fbce03df3, FEDORA-2019-35589cfcb5, ibm10879443, Synology-SA-19:13, VIGILANCE-VUL-28786, ZDI-19-291.
Description of the vulnerability
The Core module can be installed on Drupal.
However, it does not filter received data via File Module/Subsystem before inserting them in generated HTML documents.
An attacker can therefore trigger a Cross Site Scripting via File Module/Subsystem of Drupal Core, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial) |
IBM API Connect: information disclosure via Consumer API
Synthesis of the vulnerability
An attacker can bypass access restrictions to data via Consumer API of IBM API Connect, in order to obtain sensitive information.
Impacted products: IBM API Connect, I-Connect.
Severity: 2/4.
Consequences: data reading.
Provenance: user account.
Creation date: 12/03/2019.
Identifiers: CVE-2018-2009, ibm10794327, VIGILANCE-VUL-28717.
Description of the vulnerability
An attacker can bypass access restrictions to data via Consumer API of IBM API Connect, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
Pivotal Ops Manager: Cross Site Scripting via Bootstrap
Synthesis of the vulnerability
An attacker can trigger a Cross Site Scripting via Bootstrap of Pivotal Ops Manager, in order to run JavaScript code in the context of the web site.
Impacted products: IBM API Connect, TYPO3 Core.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 08/03/2019.
Identifiers: CVE-2019-8331, ibm10879483, TYPO3-CORE-SA-2019-009, TYPO3-CORE-SA-2019-010, TYPO3-CORE-SA-2019-011, TYPO3-CORE-SA-2019-012, TYPO3-CORE-SA-2019-013, TYPO3-PSA-2019-004, TYPO3-PSA-2019-005, TYPO3-PSA-2019-006, VIGILANCE-VUL-28700.
Description of the vulnerability
The Pivotal Ops Manager product offers a web service.
However, it does not filter received data via Bootstrap before inserting them in generated HTML documents.
An attacker can therefore trigger a Cross Site Scripting via Bootstrap of Pivotal Ops Manager, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial) |
Drupal EU Cookie Compliance: Cross Site Scripting
Synthesis of the vulnerability
An attacker can trigger a Cross Site Scripting of Drupal EU Cookie Compliance, in order to run JavaScript code in the context of the web site.
Impacted products: Drupal Modules ~ not comprehensive, IBM API Connect, I-Connect.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 07/03/2019.
Identifiers: DRUPAL-SA-CONTRIB-2019-033, ibm10878775, VIGILANCE-VUL-28683.
Description of the vulnerability
The EU Cookie Compliance module can be installed on Drupal.
However, it does not filter received data before inserting them in generated HTML documents.
An attacker can therefore trigger a Cross Site Scripting of Drupal EU Cookie Compliance, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial) |
Kubernetes: infinite loop via API Server json-patch
Synthesis of the vulnerability
An attacker can trigger an infinite loop via API Server json-patch of Kubernetes, in order to trigger a denial of service.
Impacted products: IBM API Connect, I-Connect, Kubernetes.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 04/03/2019.
Identifiers: CVE-2019-1002100, ibm10879473, VIGILANCE-VUL-28640.
Description of the vulnerability
An attacker can trigger an infinite loop via API Server json-patch of Kubernetes, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
Bootstrap: Cross Site Scripting via Scrollspy Data-target Property
Synthesis of the vulnerability
An attacker can trigger a Cross Site Scripting via Scrollspy Data-target Property of Bootstrap, in order to run JavaScript code in the context of the web site.
Impacted products: IBM API Connect.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 17/12/2018.
Identifiers: CVE-2018-14041, ibm10880955, VIGILANCE-VUL-28036.
Description of the vulnerability
An attacker can trigger a Cross Site Scripting via Scrollspy Data-target Property of Bootstrap, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial) |
Bootstrap: Cross Site Scripting via Collapse
Synthesis of the vulnerability
An attacker can trigger a Cross Site Scripting via Collapse of Bootstrap, in order to run JavaScript code in the context of the web site.
Impacted products: Debian, IBM API Connect.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 28/08/2018.
Identifiers: CVE-2018-14040, DLA-1479-1, ibm10880955, VIGILANCE-VUL-27088.
Description of the vulnerability
The Bootstrap product offers a web service.
However, it does not filter received data via Collapse before inserting them in generated HTML documents.
An attacker can therefore trigger a Cross Site Scripting via Collapse of Bootstrap, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial) |
Our database contains other pages. You can request a free trial to read them.
Display information about IBM API Connect:
|