IBM API Connect
79 CVEs affecting IBM API Connect. Latest disclosed: 2025-12-26. Critical: 8, High: 22.

| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2019-4202 | Critical | 10.0 | 2019-04-15 | IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal is vulnerable to command injection. An attacker with a specially crafted request can run arbitrary code on… |
| CVE-2025-13915 | Critical | 9.8 | 2025-12-26 | IBM API Connect 10.0.8.0 through 10.0.8.5, and 10.0.11.0 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the… |
| CVE-2021-29772 | Critical | 9.8 | 2021-08-26 | IBM API Connect 5.0.0.0 through 5.0.8.11 could allow a user to potentially inject code due to unsanitized user input. IBM X-Force ID: 202774. |
| CVE-2019-4203 | Critical | 9.8 | 2019-04-15 | IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal can be exploited by app developers to download arbitrary files from the host OS and potentially carry out… |
| CVE-2019-4008 | Critical | 9.8 | 2019-02-07 | API Connect V2018.1 through 2018.4.1.1 is impacted by access token leak. Authorization tokens in some URLs can result in the tokens being written to log files… |
| CVE-2018-1469 | Critical | 9.8 | 2018-04-04 | IBM API Connect Developer Portal 5.0.0.0 through 5.0.8.2 could allow an unauthenticated attacker to execute system commands using specially crafted HTTP reques… |
| CVE-2021-29715 | Critical | 9.1 | 2021-08-26 | IBM API Connect 5.0.0.0 through 5.0.8.11 could allow a remote user to obtain sensitive information or conduct denial of service attacks due to open ports. IBM… |
| CVE-2020-4899 | Critical | 9.1 | 2021-01-05 | IBM API Connect 5.0.0.0 through 5.0.8.10 could potentially leak sensitive information or allow for data corruption due to plain text transmission of sensitive… |
| CVE-2018-1774 | High | 8.9 | 2018-11-09 | IBM API Connect 5.0.0.0, 5.0.8.4, 2018.1 and 2018.3.6 is vulnerable to CSV injection via the developer portal and analytics that could contain malicious comman… |
| CVE-2018-1858 | High | 8.8 | 2019-06-25 | IBM API Connect 5.0.0.0 through 5.0.8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions… |
| CVE-2019-4155 | High | 8.8 | 2019-04-08 | IBM API Connect's Developer Portal 2018.1 and 2018.4.1.3 is impacted by a privilege escalation vulnerability when integrated with an OpenID Connect (OIDC) user… |
| CVE-2018-1712 | High | 8.6 | 2018-08-16 | IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. An attacker, using specially crafted input parameters… |
| CVE-2018-1789 | High | 8.4 | 2018-09-07 | IBM API Connect v2018.1.0 through v2018.3.4 could allow an attacker to send a specially crafted request to conduct a server side request forgery attack. IBM X-… |
| CVE-2017-1322 | High | 8.2 | 2017-06-27 | IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerabi… |
| CVE-2018-1778 | High | 7.7 | 2018-12-20 | IBM LoopBack (IBM API Connect 2018.1, 2018.4.1, 5.0.8.0, and 5.0.8.4) could allow an attacker to bypass authentication if the AccessToken Model is exposed over… |
| CVE-2020-4695 | High | 7.5 | 2021-03-08 | IBM API Connect V10 is impacted by insecure communications during database replication. As the data replication happens over insecure communication channels, a… |
| CVE-2020-4452 | High | 7.5 | 2020-06-29 | IBM API Connect V2018.4.1.0 through 2018.4.1.11 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive inf… |
| CVE-2019-4553 | High | 7.5 | 2020-03-24 | IBM API Connect V5.0.0.0 through 5.0.8.7iFix3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive infor… |
| CVE-2019-4609 | High | 7.5 | 2019-12-18 | IBM API Connect 2018.4.1.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force… |
| CVE-2019-4460 | High | 7.5 | 2019-08-20 | IBM API Connect 5.0.0.0 through 5.0.8.6 developer portal could allow a remote attacker to traverse directories on the system. An attacker could send a speciall… |