CVE-2018-1389
https://notcve.org/view.php?id=CVE-2018-1389
IBM API Connect 5.0.0.0 through 5.0.8.2 is impacted by generated LoopBack APIs for a Model using the BelongsTo/HasMany relationship allowing unauthorized modification of information. IBM X-Force ID: 138213. IBM API Connect, de la versión 5.0.0.0 hasta la 5.0.8.2, se ha visto impactado por las API LoopBack generadas para un Model que emplea la relación BelongsTo/HasMany, lo que permite la modificación no autorizada de la información. IBM X-Force ID: 138213. • http://www.ibm.com/support/docview.wss?uid=swg22013531 http://www.securityfocus.com/bid/104026 https://exchange.xforce.ibmcloud.com/vulnerabilities/138213 •
CVE-2018-1430
https://notcve.org/view.php?id=CVE-2018-1430
IBM API Connect 5.0.0.0 through 5.0.8.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139226. IBM API Connect, de la versión 5.0.0.0 hasta la 5.0.8.2, es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. • http://www.ibm.com/support/docview.wss?uid=swg22013058 http://www.securityfocus.com/bid/104027 https://exchange.xforce.ibmcloud.com/vulnerabilities/139226 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-1469
https://notcve.org/view.php?id=CVE-2018-1469
IBM API Connect Developer Portal 5.0.0.0 through 5.0.8.2 could allow an unauthenticated attacker to execute system commands using specially crafted HTTP requests. IBM X-Force ID: 140605. IBM API Connect Developer Portal, de la versión 5.0.0.0 hasta la 5.0.8.2, podría permitir que un atacante no autenticado ejecute comandos del sistema mediante peticiones HTTP especialmente manipuladas. IBM X-Force ID: 140605. • http://www.ibm.com/support/docview.wss?uid=swg22014940 https://exchange.xforce.ibmcloud.com/vulnerabilities/140605 •
CVE-2018-1382
https://notcve.org/view.php?id=CVE-2018-1382
IBM API Connect 5.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138079. IBM API Connect 5.0.0.0 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. • http://www.ibm.com/support/docview.wss?uid=swg22013054 https://exchange.xforce.ibmcloud.com/vulnerabilities/138079 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-1785
https://notcve.org/view.php?id=CVE-2017-1785
IBM API Connect 5.0.7 and 5.0.8 could allow an authenticated remote user to modify query parameters to obtain sensitive information. IBM X-Force ID: 136859. IBM API Connect 5.0.7 y 5.0.8 podría permitir que un usuario autenticado remoto modifique parámetros de la consulta para obtener información sensible. IBM X-Force ID: 136859. • http://www.ibm.com/support/docview.wss?uid=swg22013061 https://exchange.xforce.ibmcloud.com/vulnerabilities/136859 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •