CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4444
https://notcve.org/view.php?id=CVE-2019-4444
IBM API Connect 2018.1 through 2018.4.1.7 Developer Portal's user registration page does not disable password autocomplete. An attacker with access to the browser instance and local system credentials can steal the credentials used for registration. IBM X-Force ID: 163453. IBM API Connect versiones 2018.1 hasta 2018.4.1.7, la página de registro de usuario del Portal del Desarrollador no inhabilita el autocompletado de contraseña. Un atacante con acceso a la instancia del navegador y a las credenciales del sistema local puede robar las credenciales usadas para el registro. • https://exchange.xforce.ibmcloud.com/vulnerabilities/163453 https://www.ibm.com/support/pages/node/1126833 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4437
https://notcve.org/view.php?id=CVE-2019-4437
IBM API Connect 2018.1 through 2018.4.1.6 may inadvertently leak sensitive details about internal servers and network via API swagger. IBM X-force ID: 162947. IBM API Connect 2018.1 a 2018.4.1.6 puede filtrar inadvertidamente detalles confidenciales sobre servidores internos y redes a través de API swagger. IBM X-force ID: 162947. • http://www.ibm.com/support/docview.wss?uid=ibm10960876 https://exchange.xforce.ibmcloud.com/vulnerabilities/162947 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4402
https://notcve.org/view.php?id=CVE-2019-4402
IBM API Connect 2018.1 through 2018.4.1.6 developer portal could allow an unauthorized user to cause a denial of service via an unprotected API. IBM X-Force ID: 162263. El portal para desarrolladores de IBM API Connect 2018.1 a 2018.4.1.6 podría permitir que un usuario no autorizado cause una denegación de servicio a través de una API desprotegida. ID de IBM X-Force: 162263. • https://exchange.xforce.ibmcloud.com/vulnerabilities/162263 https://www.ibm.com/support/docview.wss?uid=ibm10958193 •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-2013
https://notcve.org/view.php?id=CVE-2018-2013
IBM API Connect 2018.1 through 2018.4.1.5 could disclose sensitive information to an unauthorized user that could aid in further attacks against the system. IBM X-Force ID: 155193. IBM API Connect versión 2018.1 hasta 2018.4.1.5, podría divulgar información confidencial a un usuario no autorizado que podría ayudar en nuevos ataques contra el sistema. ID de IBM X-Force: 155193. • http://www.securityfocus.com/bid/108907 https://exchange.xforce.ibmcloud.com/vulnerabilities/155193 https://www.ibm.com/support/docview.wss?uid=ibm10882924 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-2011
https://notcve.org/view.php?id=CVE-2018-2011
IBM API Connect 2018.1 through 2018.4.1.5 could allow an attacker to obtain sensitive information from a specially crafted HTTP request that could aid an attacker in further attacks against the system. IBM X-Force ID: 155150. IBM API Connect versión 2018.1 hasta 2018.4.1.5, podría permitir a un atacante obtener información confidencial de una petición HTTP especialmente creada que podría ayudar a un atacante en nuevos ataques contra el sistema. ID de IBM X-Force: 155150. • http://www.securityfocus.com/bid/108907 https://exchange.xforce.ibmcloud.com/vulnerabilities/155150 https://www.ibm.com/support/docview.wss?uid=ibm10882932 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •