CVE-2019-4402
https://notcve.org/view.php?id=CVE-2019-4402
IBM API Connect 2018.1 through 2018.4.1.6 developer portal could allow an unauthorized user to cause a denial of service via an unprotected API. IBM X-Force ID: 162263. El portal para desarrolladores de IBM API Connect 2018.1 a 2018.4.1.6 podría permitir que un usuario no autorizado cause una denegación de servicio a través de una API desprotegida. ID de IBM X-Force: 162263. • https://exchange.xforce.ibmcloud.com/vulnerabilities/162263 https://www.ibm.com/support/docview.wss?uid=ibm10958193 •
CVE-2019-4382
https://notcve.org/view.php?id=CVE-2019-4382
IBM API Connect 5.0.0.0 through 5.0.8.6 could allow an unauthorized user to obtain sensitive information about the system users using specially crafted HTTP requests. IBM X-Force ID: 162162. IBM API Connect versión 5.0.0.0 hasta 5.0.8.6, podría permitir que un usuario no autorizado obtenga información confidencial acerca de los usuarios del sistema utilizando peticiones HTTP especialmente creadas. ID de IBM X-Force: 162162. • http://www.securityfocus.com/bid/108893 https://exchange.xforce.ibmcloud.com/vulnerabilities/162162 https://www.ibm.com/support/docview.wss?uid=ibm10886747 • CWE-319: Cleartext Transmission of Sensitive Information •
CVE-2018-2013
https://notcve.org/view.php?id=CVE-2018-2013
IBM API Connect 2018.1 through 2018.4.1.5 could disclose sensitive information to an unauthorized user that could aid in further attacks against the system. IBM X-Force ID: 155193. IBM API Connect versión 2018.1 hasta 2018.4.1.5, podría divulgar información confidencial a un usuario no autorizado que podría ayudar en nuevos ataques contra el sistema. ID de IBM X-Force: 155193. • http://www.securityfocus.com/bid/108907 https://exchange.xforce.ibmcloud.com/vulnerabilities/155193 https://www.ibm.com/support/docview.wss?uid=ibm10882924 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2018-2011
https://notcve.org/view.php?id=CVE-2018-2011
IBM API Connect 2018.1 through 2018.4.1.5 could allow an attacker to obtain sensitive information from a specially crafted HTTP request that could aid an attacker in further attacks against the system. IBM X-Force ID: 155150. IBM API Connect versión 2018.1 hasta 2018.4.1.5, podría permitir a un atacante obtener información confidencial de una petición HTTP especialmente creada que podría ayudar a un atacante en nuevos ataques contra el sistema. ID de IBM X-Force: 155150. • http://www.securityfocus.com/bid/108907 https://exchange.xforce.ibmcloud.com/vulnerabilities/155150 https://www.ibm.com/support/docview.wss?uid=ibm10882932 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2018-1858
https://notcve.org/view.php?id=CVE-2018-1858
IBM API Connect 5.0.0.0 through 5.0.8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 151256. IBM API Connect versión 5.0.0.0 hasta 5.0.8.6, es vulnerable a un problema de tipo cross-site request forgery, lo que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas desde un usuario en el que el sitio web confía. ID de IBM X-Force: 151256. • http://www.ibm.com/support/docview.wss?uid=ibm10794169 http://www.securityfocus.com/bid/108898 http://www.securityfocus.com/bid/109111 https://exchange.xforce.ibmcloud.com/vulnerabilities/151256 • CWE-352: Cross-Site Request Forgery (CSRF) •