Ibm: >> Api Connect >> 5.0.8.6 Security Vulnerabilities
IBM API Connect 5.0.0.0 through 5.0.8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 151256.
CVSS Score
4.3
EPSS Score
0.002
Published
2019-06-25
IBM API Connect 5.0.0.0 through 5.0.8.6 could allow an unauthorized user to obtain sensitive information about the system users using specially crafted HTTP requests. IBM X-Force ID: 162162.
CVSS Score
5.3
EPSS Score
0.003
Published
2019-06-25
IBM API Connect 5.0.0.0 through 5.0.8.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 159944.
CVSS Score
5.9
EPSS Score
0.002
Published
2019-05-29
IBM API Connect 5.0.0.0, and 5.0.8.6 could could return sensitive information that could provide critical information as to the underlying software stack in CMC UI headers. IBM X-Force ID: 154284.
CVSS Score
2.7
EPSS Score
0.001
Published
2019-05-22
IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal is vulnerable to command injection. An attacker with a specially crafted request can run arbitrary code on the server and gain complete access to the system. IBM X-Force ID: 159123.
CVSS Score
10.0
EPSS Score
0.024
Published
2019-04-15
IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal can be exploited by app developers to download arbitrary files from the host OS and potentially carry out SSRF attacks. IBM X-Force ID: 159124.
CVSS Score
8.9
EPSS Score
0.005
Published
2019-04-15
Page 2