Every CVE whose affected-product data names Ibm Api Connect, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (79)
CVE-2019-4202 — CVSS 10.0 (critical): IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal is vulnerable to command injection. An attacker with a specially crafted request can…
CVE-2021-29772 — CVSS 9.8 (critical): IBM API Connect 5.0.0.0 through 5.0.8.11 could allow a user to potentially inject code due to unsanitized user input. IBM X-Force ID…
CVE-2025-13915 — CVSS 9.8 (critical): IBM API Connect 10.0.8.0 through 10.0.8.5, and 10.0.11.0 could allow a remote attacker to bypass authentication mechanisms and gain…
CVE-2019-4203 — CVSS 9.8 (critical): IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal can be exploited by app developers to download arbitrary files from the host OS and…
CVE-2018-1469 — CVSS 9.8 (critical): IBM API Connect Developer Portal 5.0.0.0 through 5.0.8.2 could allow an unauthenticated attacker to execute system commands using specially…
CVE-2019-4008 — CVSS 9.8 (critical): API Connect V2018.1 through 2018.4.1.1 is impacted by access token leak. Authorization tokens in some URLs can result in the tokens being…
CVE-2020-4899 — CVSS 9.1 (critical): IBM API Connect 5.0.0.0 through 5.0.8.10 could potentially leak sensitive information or allow for data corruption due to plain text…
CVE-2021-29715 — CVSS 9.1 (critical): IBM API Connect 5.0.0.0 through 5.0.8.11 could alllow a remote user to obtain sensitive information or conduct denial of serivce attacks…
CVE-2018-1774 — CVSS 8.9 (high): IBM API Connect 5.0.0.0, 5.0.8.4, 2018.1 and 2018.3.6 is vulnerable to CSV injection via the developer portal and analytics that could…
CVE-2019-4155 — CVSS 8.8 (high): IBM API Connect's Developer Portal 2018.1 and 2018.4.1.3 is impacted by a privilege escalation vulnerability when integrated with an OpenID…
CVE-2018-1858 — CVSS 8.8 (high): IBM API Connect 5.0.0.0 through 5.0.8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and…
CVE-2018-1712 — CVSS 8.6 (high): IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. An attacker, using specially…
CVE-2018-1789 — CVSS 8.4 (high): IBM API Connect v2018.1.0 through v2018.3.4 could allow an attacker to send a specially crafted request to conduct a server side request…
CVE-2017-1322 — CVSS 8.2 (high): IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could…
CVE-2018-1778 — CVSS 7.7 (high): IBM LoopBack (IBM API Connect 2018.1, 2018.4.1, 5.0.8.0, and 5.0.8.4) could allow an attacker to bypass authentication if the AccessToken…
CVE-2019-4609 — CVSS 7.5 (high): IBM API Connect 2018.4.1.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive…
CVE-2020-4452 — CVSS 7.5 (high): IBM API Connect V2018.4.1.0 through 2018.4.1.11 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt…
CVE-2020-4695 — CVSS 7.5 (high): IBM API Connect V10 is impacted by insecure communications during database replication. As the data replication happens over insecure…
CVE-2018-1779 — CVSS 7.5 (high): IBM API Connect 2018.1 through 2018.3.7 could allow an unauthenticated attacker to cause a denial of service due to not setting limits on…
CVE-2016-3012 — CVSS 7.5 (high): IBM API Connect (aka APIConnect) before 5.0.3.0 with NPM before 2.2.8 includes certain internal server credentials in the software package…
CVE-2019-4052 — CVSS 7.5 (high): IBM API Connect 2018.1 and 2018.4.1.2 apis can be leveraged by unauthenticated users to discover login ids of registered users. IBM X-Force…
CVE-2019-4256 — CVSS 7.5 (high): IBM API Connect 5.0.0.0 through 5.0.8.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly…
CVE-2017-1379 — CVSS 7.5 (high): IBM API Connect 5.0.0.0 could allow a remote attacker to obtain sensitive information, caused by improper handling of requests to the…
CVE-2019-4402 — CVSS 7.5 (high): IBM API Connect 2018.1 through 2018.4.1.6 developer portal could allow an unauthorized user to cause a denial of service via an unprotected…
CVE-2019-4460 — CVSS 7.5 (high): IBM API Connect 5.0.0.0 through 5.0.8.6 developer portal could allow a remote attacker to traverse directories on the system. An attacker…
CVE-2019-4553 — CVSS 7.5 (high): IBM API Connect V5.0.0.0 through 5.0.8.7iFix3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt…
CVE-2017-1161 — CVSS 7.3 (high): IBM API Connect 5.0.6.0 could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of URLs…
CVE-2018-1973 — CVSS 7.2 (high): IBM API Connect 5.0.0.0 through 5.0.8.4 allows a user with limited 'API Administrator level access to give themselves full 'Administrator'…
CVE-2020-4638 — CVSS 7.2 (high): IBM API Connect's API Manager 2018.4.1.0 through 2018.4.1.12 is vulnerable to privilege escalation. An invitee to an API Provider…
CVE-2018-1784 — CVSS 7.1 (high): IBM API Connect 5.0.0.0 and 5.0.8.4 is affected by a NoSQL Injection in MongoDB connector for the LoopBack framework. IBM X-Force ID…
CVE-2020-4337 — CVSS 6.5 (medium): IBM API Connect 2018.4.1.0 through 2018.4.1.12 could allow an attacker to launch phishing attacks by tricking the server to generate user…
CVE-2020-4903 — CVSS 6.5 (medium): IBM API Connect V10 and V2018 could allow an attacker who has intercepted a registration invitation link to impersonate the registered user…
CVE-2018-2009 — CVSS 6.5 (medium): IBM API Connect v2018.1 and 2018.4.1 is affected by an information disclosure vulnerability in the consumer API. Any registered user can…
CVE-2018-1389 — CVSS 6.5 (medium): IBM API Connect 5.0.0.0 through 5.0.8.2 is impacted by generated LoopBack APIs for a Model using the BelongsTo/HasMany relationship…
CVE-2017-1556 — CVSS 6.5 (medium): IBM API Connect 5.0.7.0 through 5.0.7.2 is vulnerable to a regular expression attack that could allow an authenticated attacker to use a…
CVE-2020-4828 — CVSS 6.5 (medium): IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to web cache poisoning, caused by improper input…
CVE-2018-2015 — CVSS 6.4 (medium): IBM API Connect 2018.1 and 2018.4.1.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to…
CVE-2023-47722 — CVSS 6.2 (medium): IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials in browser cache which can be read by a local user. IBM X-Force ID: 271912.
CVE-2017-1551 — CVSS 6.1 (medium): IBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim…
CVE-2018-2007 — CVSS 5.9 (medium): IBM API Connect 2018.1 and 2018.4.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly…
CVE-2018-1546 — CVSS 5.9 (medium): IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly…
CVE-2017-1386 — CVSS 5.9 (medium): IBM API Connect 5.0.0.0 could allow a user to bypass policy restrictions and create non-compliant passwords which could be intercepted and…
CVE-2018-1638 — CVSS 5.9 (medium): IBM API Connect 5.0.0.0-5.0.8.3 Developer Portal does not enforce Two Factor Authentication (TFA) while resetting a user password but…
CVE-2019-4444 — CVSS 5.5 (medium): IBM API Connect 2018.1 through 2018.4.1.7 Developer Portal's user registration page does not disable password autocomplete. An attacker…
CVE-2020-4195 — CVSS 5.4 (medium): IBM API Connect V2018.4.1.0 through 2018.4.1.10 could allow a remote attacker to hijack the clicking action of the victim. By persuading a…
CVE-2020-4838 — CVSS 5.4 (medium): IBM API Connect 5.0.0.0 through 5.0.8.10 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary…
CVE-2020-4825 — CVSS 5.4 (medium): IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site scripting. This vulnerability…
CVE-2020-4706 — CVSS 5.4 (medium): IBM API Connect 5.0.0.0 through 5.0.8.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST…
CVE-2020-4707 — CVSS 5.4 (medium): IBM API Connect 5.0.0.0 through 5.0.8.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary…
CVE-2018-1382 — CVSS 5.4 (medium): IBM API Connect 5.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the…
CVE-2020-4251 — CVSS 5.4 (medium): IBM API Connect 5.0.0.0 through 5.0.8.8 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary…
CVE-2018-1599 — CVSS 5.4 (medium): IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim…
CVE-2021-38997 — CVSS 5.4 (medium): IBM API Connect V10.0.0.0 through V10.0.5.0, V10.0.1.0 through V10.0.1.7, and V2018.4.1.0 through 2018.4.1.19 is vulnerable to HTTP header…
CVE-2018-1430 — CVSS 5.4 (medium): IBM API Connect 5.0.0.0 through 5.0.8.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary…
CVE-2019-4437 — CVSS 5.3 (medium): IBM API Connect 2018.1 through 2018.4.1.6 may inadvertently leak sensitive details about internal servers and network via API swagger. IBM…
CVE-2017-1328 — CVSS 5.3 (medium): IBM API Connect 5.0.0.0 - 5.0.6.0 could allow a remote attacker to bypass security restrictions of the api, caused by improper handling of…
CVE-2018-2011 — CVSS 5.3 (medium): IBM API Connect 2018.1 through 2018.4.1.5 could allow an attacker to obtain sensitive information from a specially crafted HTTP request…
CVE-2018-2013 — CVSS 5.3 (medium): IBM API Connect 2018.1 through 2018.4.1.5 could disclose sensitive information to an unauthorized user that could aid in further attacks…
CVE-2019-4051 — CVSS 5.3 (medium): Some URIs in IBM API Connect 2018.1 and 2018.4.1.3 disclose system specification information like the machine id, system uuid, filesystem…
CVE-2019-4382 — CVSS 5.3 (medium): IBM API Connect 5.0.0.0 through 5.0.8.6 could allow an unauthorized user to obtain sensitive information about the system users using…
CVE-2016-1000232 — CVSS 5.3 (medium): NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression Parsing vulnerability in HTTP request Cookie Header parsing that can result…
CVE-2019-4600 — CVSS 5.3 (medium): IBM API Connect version V5.0.0.0 through 5.0.8.7 could reveal sensitive information to an attacker using a specially crafted HTTP request…
CVE-2020-4346 — CVSS 5.3 (medium): IBM API Connect's V2018.4.1.0 through 2018.4.1.10 management server has an unsecured api which can be exploited by an unauthenticated…
CVE-2022-34350 — CVSS 5.3 (medium): IBM API Connect 10.0.0.0 through 10.0.5.0, 10.0.1.0 through 10.0.1.7, and 2018.4.1.0 through 2018.4.1.20 is vulnerable to External Service…
CVE-2018-1932 — CVSS 4.9 (medium): IBM API Connect 5.0.0.0 through 5.0.8.4 is affected by a vulnerability in the role-based access control in the management server that could…
CVE-2018-1976 — CVSS 4.9 (medium): IBM API Connect 5.0.0.0 through 5.0.8.4 is impacted by sensitive information disclosure via a REST API that could allow a user with…
CVE-2018-1874 — CVSS 4.6 (medium): IBM API Connect 5.0.0.0 through 5.0.8.5 could display highly sensitive information to an attacker with physical access to the system. IBM…
CVE-2018-1859 — CVSS 4.3 (medium): IBM API Connect 5.0.0.0 through 5.0.8.4 could allow a user authenticated as an administrator with limited rights to escalate their…
CVE-2021-20440 — CVSS 4.3 (medium): IBM API Connect 10.0.0.0, and 2018.4.1.0 through 2018.4.1.13 does not restrict member registration to the intended recepient. An attacker…
CVE-2018-1548 — CVSS 4.3 (medium): IBM API Connect 2018.1.0.0, 2018.2.1, 2018.2.2, 2018.2.3, and 2018.2.4 contains a vulnerability that could allow an authenticated user to…
CVE-2018-1532 — CVSS 4.3 (medium): IBM API Connect 5.0.0.0 through 5.0.8.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID…
CVE-2018-1468 — CVSS 4.3 (medium): IBM API Connect 5.0.8.1 and 5.0.8.2 could allow a user to get access to internal environment and sensitive API details to which they are…
CVE-2017-1555 — CVSS 4.3 (medium): IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated user to generate an API token when not subscribed to the application…
CVE-2017-1785 — CVSS 4.3 (medium): IBM API Connect 5.0.7 and 5.0.8 could allow an authenticated remote user to modify query parameters to obtain sensitive information. IBM…
CVE-2023-28522 — CVSS 4.3 (medium): IBM API Connect V10 could allow an authenticated user to perform actions that they should not have access to. IBM X-Force ID: 250585.
CVE-2020-4826 — CVSS 4.3 (medium): IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site request forgery which could allow…
CVE-2020-4827 — CVSS 4.3 (medium): IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site request forgery which could allow…
CVE-2020-4640 — CVSS 4.1 (medium): Certain IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 configurations can result in sensitive information in…
CVE-2018-1991 — CVSS 2.7 (low): IBM API Connect 5.0.0.0, and 5.0.8.6 could could return sensitive information that could provide critical information as to the underlying…