IBM API Connect

79 CVEs affecting IBM API Connect. Latest disclosed: 2025-12-26. Critical: 8, High: 22.

Top CVEs affecting IBM API Connect
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2019-4202 | Critical | 10.0 | 2019-04-15 | IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal is vulnerable to command injection. An attacker with a specially crafted request can run arbitrary code on… |
| CVE-2025-13915 | Critical | 9.8 | 2025-12-26 | IBM API Connect 10.0.8.0 through 10.0.8.5, and 10.0.11.0 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the… |
| CVE-2021-29772 | Critical | 9.8 | 2021-08-26 | IBM API Connect 5.0.0.0 through 5.0.8.11 could allow a user to potentially inject code due to unsanitized user input. IBM X-Force ID: 202774. |
| CVE-2019-4203 | Critical | 9.8 | 2019-04-15 | IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal can be exploited by app developers to download arbitrary files from the host OS and potentially carry out… |
| CVE-2019-4008 | Critical | 9.8 | 2019-02-07 | API Connect V2018.1 through 2018.4.1.1 is impacted by access token leak. Authorization tokens in some URLs can result in the tokens being written to log files… |
| CVE-2018-1469 | Critical | 9.8 | 2018-04-04 | IBM API Connect Developer Portal 5.0.0.0 through 5.0.8.2 could allow an unauthenticated attacker to execute system commands using specially crafted HTTP reques… |
| CVE-2021-29715 | Critical | 9.1 | 2021-08-26 | IBM API Connect 5.0.0.0 through 5.0.8.11 could allow a remote user to obtain sensitive information or conduct denial of service attacks due to open ports. IBM… |
| CVE-2020-4899 | Critical | 9.1 | 2021-01-05 | IBM API Connect 5.0.0.0 through 5.0.8.10 could potentially leak sensitive information or allow for data corruption due to plain text transmission of sensitive… |
| CVE-2018-1774 | High | 8.9 | 2018-11-09 | IBM API Connect 5.0.0.0, 5.0.8.4, 2018.1 and 2018.3.6 is vulnerable to CSV injection via the developer portal and analytics that could contain malicious comman… |
| CVE-2018-1858 | High | 8.8 | 2019-06-25 | IBM API Connect 5.0.0.0 through 5.0.8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions… |
| CVE-2019-4155 | High | 8.8 | 2019-04-08 | IBM API Connect's Developer Portal 2018.1 and 2018.4.1.3 is impacted by a privilege escalation vulnerability when integrated with an OpenID Connect (OIDC) user… |
| CVE-2018-1712 | High | 8.6 | 2018-08-16 | IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. An attacker, using specially crafted input parameters… |
| CVE-2018-1789 | High | 8.4 | 2018-09-07 | IBM API Connect v2018.1.0 through v2018.3.4 could allow an attacker to send a specially crafted request to conduct a server side request forgery attack. IBM X-… |
| CVE-2017-1322 | High | 8.2 | 2017-06-27 | IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerabi… |
| CVE-2018-1778 | High | 7.7 | 2018-12-20 | IBM LoopBack (IBM API Connect 2018.1, 2018.4.1, 5.0.8.0, and 5.0.8.4) could allow an attacker to bypass authentication if the AccessToken Model is exposed over… |
| CVE-2020-4695 | High | 7.5 | 2021-03-08 | IBM API Connect V10 is impacted by insecure communications during database replication. As the data replication happens over insecure communication channels, a… |
| CVE-2020-4452 | High | 7.5 | 2020-06-29 | IBM API Connect V2018.4.1.0 through 2018.4.1.11 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive inf… |
| CVE-2019-4553 | High | 7.5 | 2020-03-24 | IBM API Connect V5.0.0.0 through 5.0.8.7iFix3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive infor… |
| CVE-2019-4609 | High | 7.5 | 2019-12-18 | IBM API Connect 2018.4.1.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force… |
| CVE-2019-4460 | High | 7.5 | 2019-08-20 | IBM API Connect 5.0.0.0 through 5.0.8.6 developer portal could allow a remote attacker to traverse directories on the system. An attacker could send a speciall… |