CPE-E110A792-5695-4003-A8DC-19E4C9E31AFB Detail

CPE Details

IBM API Connect 5.0.8.5

Vendor

ibm

Product

api_connect

Version

5.0.8.5

Created

2019-04-02
17h04 +00:00

Modified

2019-04-02
17h04 +00:00

Official links

CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Notifications manage

List of Notifications

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

CPE ID

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

CPE Name: cpe:2.3:a:ibm:api_connect:5.0.8.5:::::::*

Informations

Vendor

ibm

Product

api_connect

Version

5.0.8.5

Related CVE

Open and find in CVE List

CVE ID	Published	Description	Score	Severity
CVE-2021-29772	2021-08-26 19h25 +00:00	IBM API Connect 5.0.0.0 through 5.0.8.11 could allow a user to potentially inject code due to unsanitized user input. IBM X-Force ID: 202774.	9.8	Critical
CVE-2021-29715	2021-08-26 19h25 +00:00	IBM API Connect 5.0.0.0 through 5.0.8.11 could alllow a remote user to obtain sensitive information or conduct denial of serivce attacks due to open ports. IBM X-Force ID: 201018.	9.1	Critical
CVE-2020-4706	2021-08-17 13h55 +00:00	IBM API Connect 5.0.0.0 through 5.0.8.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 187194.	5.4	Medium
CVE-2020-4707	2021-08-04 14h00 +00:00	IBM API Connect 5.0.0.0 through 5.0.8.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187370.	5.4	Medium
CVE-2020-4838	2021-01-12 14h45 +00:00	IBM API Connect 5.0.0.0 through 5.0.8.10 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190036.	5.4	Medium
CVE-2020-4899	2021-01-05 15h10 +00:00	IBM API Connect 5.0.0.0 through 5.0.8.10 could potentially leak sensitive information or allow for data corruption due to plain text transmission of sensitive information across the network. IBM X-Force ID: 190990.	9.1	Critical
CVE-2020-4251	2020-06-12 13h10 +00:00	IBM API Connect 5.0.0.0 through 5.0.8.8 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 175489.	5.4	Medium
CVE-2019-4553	2020-03-24 15h20 +00:00	IBM API Connect V5.0.0.0 through 5.0.8.7iFix3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 165958.	7.5	High
CVE-2019-4600	2019-10-28 23h36 +00:00	IBM API Connect version V5.0.0.0 through 5.0.8.7 could reveal sensitive information to an attacker using a specially crafted HTTP request. IBM X-Force ID: 167883.	5.3	Medium
CVE-2019-4460	2019-08-20 18h25 +00:00	IBM API Connect 5.0.0.0 through 5.0.8.6 developer portal could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 163681.	7.5	High
CVE-2019-4382	2019-06-25 15h45 +00:00	IBM API Connect 5.0.0.0 through 5.0.8.6 could allow an unauthorized user to obtain sensitive information about the system users using specially crafted HTTP requests. IBM X-Force ID: 162162.	5.3	Medium
CVE-2018-1858	2019-06-25 15h45 +00:00	IBM API Connect 5.0.0.0 through 5.0.8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 151256.	8.8	High
CVE-2019-4256	2019-05-29 15h10 +00:00	IBM API Connect 5.0.0.0 through 5.0.8.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 159944.	7.5	High
CVE-2018-1991	2019-05-22 14h45 +00:00	IBM API Connect 5.0.0.0, and 5.0.8.6 could could return sensitive information that could provide critical information as to the underlying software stack in CMC UI headers. IBM X-Force ID: 154284.	2.7	Low
CVE-2019-4203	2019-04-15 14h55 +00:00	IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal can be exploited by app developers to download arbitrary files from the host OS and potentially carry out SSRF attacks. IBM X-Force ID: 159124.	9.8	Critical
CVE-2019-4202	2019-04-15 14h55 +00:00	IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal is vulnerable to command injection. An attacker with a specially crafted request can run arbitrary code on the server and gain complete access to the system. IBM X-Force ID: 159123.	10	Critical
CVE-2018-1874	2019-04-02 13h20 +00:00	IBM API Connect 5.0.0.0 through 5.0.8.5 could display highly sensitive information to an attacker with physical access to the system. IBM X-Force ID: 151636.	4.6	Medium

IBM API Connect 5.0.8.5

CPE Details

CPE Name: cpe:2.3:a:ibm:api_connect:5.0.8.5:*:*:*:*:*:*:*

Informations

Vendor

Product

Version

Related CVE

CPE Name: cpe:2.3:a:ibm:api_connect:5.0.8.5:::::::*