threatengine.sh

Product: IBM API Connect
79 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
| CVE | Affected versions | CVSS | Severity | Description (truncated on the source page) |
|---|---|---|---|---|
| CVE-2025-13915 | >= 10.0.8.0 and <= 10.0.8.5 | 9.8 | CRITICAL | IBM API Connect 10.0.8.0 through 10.0.8.5, and 10.0.11.0 could allow a remote attacker to bypass authentication mechanisms and gai |
| CVE-2023-47722 | all versions | 6.2 | MEDIUM | IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials in browser cache which can be read by a local user. IBM X-Force I |
| CVE-2023-28522 | >= 10.0.0.0 and < 10.0.1.11 | 4.3 | MEDIUM | IBM API Connect V10 could allow an authenticated user to perform actions that they should not have access to. IBM X-Force ID: 25 |
| CVE-2022-34350 | >= 10.0.0.0 and <= 10.0.5.0 | 5.3 | MEDIUM | IBM API Connect 10.0.0.0 through 10.0.5.0, 10.0.1.0 through 10.0.1.7, and 2018.4.1.0 through 2018.4.1.20 is vulnerable to External |
| CVE-2021-38997 | >= 10.0.0.0 and <= 10.0.5.0 | 5.4 | MEDIUM | IBM API Connect V10.0.0.0 through V10.0.5.0, V10.0.1.0 through V10.0.1.7, and V2018.4.1.0 through 2018.4.1.19 is vulnerable to HTT |
| CVE-2021-29772 | >= 5.0.0.0 and <= 5.0.8.11 | 9.8 | CRITICAL | IBM API Connect 5.0.0.0 through 5.0.8.11 could allow a user to potentially inject code due to unsanitized user input. IBM X-Force |
| CVE-2021-29715 | >= 5.0.0.0 and <= 5.0.8.11 | 9.1 | CRITICAL | IBM API Connect 5.0.0.0 through 5.0.8.11 could allow a remote user to obtain sensitive information or conduct denial of service a |
| CVE-2020-4706 | >= 5.0.0.0 and <= 5.0.8.10 | 5.4 | MEDIUM | IBM API Connect 5.0.0.0 through 5.0.8.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOS |
| CVE-2020-4707 | >= 5.0.0.0 and <= 5.0.8.11 | 5.4 | MEDIUM | IBM API Connect 5.0.0.0 through 5.0.8.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary |
| CVE-2021-20440 | >= 2018.4.1.0 and <= 2018.4.1.13 | 4.3 | MEDIUM | IBM API Connect 10.0.0.0, and 2018.4.1.0 through 2018.4.1.13 does not restrict member registration to the intended recipient. An a |
| CVE-2020-4903 | >= 10.0.0.0 and < 10.0.1.1 | 6.5 | MEDIUM | IBM API Connect V10 and V2018 could allow an attacker who has intercepted a registration invitation link to impersonate the regist |
| CVE-2020-4695 | >= 10.0.0.0 and <= 10.0.1.0 | 7.5 | HIGH | IBM API Connect V10 is impacted by insecure communications during database replication. As the data replication happens over insec |
| CVE-2020-4828 | >= 2018.4.1.0 and <= 2018.4.1.13 | 6.5 | MEDIUM | IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to web cache poisoning, caused by impro |
| CVE-2020-4827 | >= 2018.4.1.0 and <= 2018.4.1.13 | 4.3 | MEDIUM | IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site request forgery which cou |
| CVE-2020-4826 | >= 2018.4.1.0 and <= 2018.4.1.13 | 4.3 | MEDIUM | IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site request forgery which cou |
| CVE-2020-4825 | >= 2018.4.1.0 and <= 2018.4.1.13 | 5.4 | MEDIUM | IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site scripting. This vulnerabi |
| CVE-2020-4640 | >= 2018.4.1.0 and <= 2018.4.1.13 | 4.1 | MEDIUM | Certain IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 configurations can result in sensitive inform |
| CVE-2020-4838 | >= 5.0.0.0 and <= 5.0.8.10 | 5.4 | MEDIUM | IBM API Connect 5.0.0.0 through 5.0.8.10 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed ar |
| CVE-2020-4899 | >= 5.0.0.0 and <= 5.0.8.10 | 9.1 | CRITICAL | IBM API Connect 5.0.0.0 through 5.0.8.10 could potentially leak sensitive information or allow for data corruption due to plain te |
| CVE-2020-4638 | >= 2018.4.1.0 and <= 2018.4.1.12 | 7.2 | HIGH | IBM API Connect's API Manager 2018.4.1.0 through 2018.4.1.12 is vulnerable to privilege escalation. An invitee to an API Provider |
| CVE-2020-4337 | >= 2018.4.1.0 and <= 2018.4.1.12 | 6.5 | MEDIUM | IBM API Connect 2018.4.1.0 through 2018.4.1.12 could allow an attacker to launch phishing attacks by tricking the server to genera |
| CVE-2020-4452 | >= 2018.4.1.0 and <= 2018.4.1.11 | 7.5 | HIGH | IBM API Connect V2018.4.1.0 through 2018.4.1.11 uses weaker than expected cryptographic algorithms that could allow an attacker to |
| CVE-2020-4251 | >= 5.0.0.0 and <= 5.0.8.8 | 5.4 | MEDIUM | IBM API Connect 5.0.0.0 through 5.0.8.8 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary |
| CVE-2020-4346 | >= 2018.4.1.0 and <= 2018.4.1.10 | 5.3 | MEDIUM | IBM API Connect's V2018.4.1.0 through 2018.4.1.10 management server has an unsecured api which can be exploited by an unauthentica |
| CVE-2020-4195 | >= 2018.4.1.0 and <= 2018.4.1.10 | 5.4 | MEDIUM | IBM API Connect V2018.4.1.0 through 2018.4.1.10 could allow a remote attacker to hijack the clicking action of the victim. By pers |
| CVE-2019-4553 | >= 5.0.0.0 and <= 5.0.8.73 | 7.5 | HIGH | IBM API Connect V5.0.0.0 through 5.0.8.7iFix3 uses weaker than expected cryptographic algorithms that could allow an attacker to d |
| CVE-2019-4609 | all versions | 7.5 | HIGH | IBM API Connect 2018.4.1.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensi |
| CVE-2019-4444 | >= 2018.1.0 and <= 2018.4.1.7 | 5.5 | MEDIUM | IBM API Connect 2018.1 through 2018.4.1.7 Developer Portal's user registration page does not disable password autocomplete. An att |
| CVE-2019-4600 | >= 5.0.0.0 and <= 5.0.8.7 | 5.3 | MEDIUM | IBM API Connect version V5.0.0.0 through 5.0.8.7 could reveal sensitive information to an attacker using a specially crafted HTTP |
| CVE-2019-4437 | >= 2018.1.0 and <= 2018.4.1.6 | 5.3 | MEDIUM | IBM API Connect 2018.1 through 2018.4.1.6 may inadvertently leak sensitive details about internal servers and network via API swag |
| CVE-2019-4460 | >= 5.0.0.0 and <= 5.0.8.6 | 7.5 | HIGH | IBM API Connect 5.0.0.0 through 5.0.8.6 developer portal could allow a remote attacker to traverse directories on the system. An a |
| CVE-2019-4402 | >= 2018.1.0 and <= 2018.4.1.6 | 7.5 | HIGH | IBM API Connect 2018.1 through 2018.4.1.6 developer portal could allow an unauthorized user to cause a denial of service via an un |
| CVE-2019-4382 | >= 5.0.0.0 and <= 5.0.8.6 | 5.3 | MEDIUM | IBM API Connect 5.0.0.0 through 5.0.8.6 could allow an unauthorized user to obtain sensitive information about the system users us |
| CVE-2018-2013 | >= 2018.1.0 and <= 2018.4.1.5 | 5.3 | MEDIUM | IBM API Connect 2018.1 through 2018.4.1.5 could disclose sensitive information to an unauthorized user that could aid in further a |
| CVE-2018-2011 | >= 2018.1.0 and <= 2018.4.1.5 | 5.3 | MEDIUM | IBM API Connect 2018.1 through 2018.4.1.5 could allow an attacker to obtain sensitive information from a specially crafted HTTP re |
| CVE-2018-1858 | >= 5.0.0.0 and <= 5.0.8.6 | 8.8 | HIGH | IBM API Connect 5.0.0.0 through 5.0.8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malic |
| CVE-2019-4256 | >= 5.0.0.0 and <= 5.0.8.6 | 7.5 | HIGH | IBM API Connect 5.0.0.0 through 5.0.8.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt |
| CVE-2018-1991 | >= 5.0.0.0 and <= 5.0.8.6 | 2.7 | LOW | IBM API Connect 5.0.0.0, and 5.0.8.6 could return sensitive information that could provide critical information as to the un |
| CVE-2018-2015 | >= 2018.1.0 and <= 2018.4.1.4 | 6.4 | MEDIUM | IBM API Connect 2018.1 and 2018.4.1.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a v |
| CVE-2018-2007 | >= 2018.1.0 and <= 2018.4.1.2 | 5.9 | MEDIUM | IBM API Connect 2018.1 and 2018.4.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt h |
| CVE-2019-4203 | >= 5.0.0.0 and <= 5.0.8.6 | 9.8 | CRITICAL | IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal can be exploited by app developers to download arbitrary files from the host |
| CVE-2019-4202 | >= 5.0.0.0 and <= 5.0.8.6 | 10.0 | CRITICAL | IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal is vulnerable to command injection. An attacker with a specially crafted requ |
| CVE-2019-4155 | >= 2018.1.0 and <= 2018.4.1.3 | 8.8 | HIGH | IBM API Connect's Developer Portal 2018.1 and 2018.4.1.3 is impacted by a privilege escalation vulnerability when integrated with |
| CVE-2019-4051 | >= 2018.1.0 and <= 2018.4.1.3 | 5.3 | MEDIUM | Some URIs in IBM API Connect 2018.1 and 2018.4.1.3 disclose system specification information like the machine id, system uuid, fil |
| CVE-2018-1874 | >= 5.0.0.0 and <= 5.0.8.5 | 4.6 | MEDIUM | IBM API Connect 5.0.0.0 through 5.0.8.5 could display highly sensitive information to an attacker with physical access to the syst |
| CVE-2019-4052 | >= 2018.1.0 and <= 2018.4.1.2 | 7.5 | HIGH | IBM API Connect 2018.1 and 2018.4.1.2 apis can be leveraged by unauthenticated users to discover login ids of registered users. IB |
| CVE-2018-2009 | >= 2018.1.0 and <= 2018.4.1.0 | 6.5 | MEDIUM | IBM API Connect v2018.1 and 2018.4.1 is affected by an information disclosure vulnerability in the consumer API. Any registered us |
| CVE-2019-4008 | >= 2018.1.0 and <= 2018.4.1.1 | 9.8 | CRITICAL | API Connect V2018.1 through 2018.4.1.1 is impacted by access token leak. Authorization tokens in some URLs can result in the token |
| CVE-2018-1976 | >= 5.0.0.0 and <= 5.0.8.4 | 4.9 | MEDIUM | IBM API Connect 5.0.0.0 through 5.0.8.4 is impacted by sensitive information disclosure via a REST API that could allow a user wit |
| CVE-2018-1932 | >= 5.0.0.0 and <= 5.0.8.4 | 4.9 | MEDIUM | IBM API Connect 5.0.0.0 through 5.0.8.4 is affected by a vulnerability in the role-based access control in the management server t |
| CVE-2018-1859 | >= 5.0.0.0 and <= 5.0.8.4 | 4.3 | MEDIUM | IBM API Connect 5.0.0.0 through 5.0.8.4 could allow a user authenticated as an administrator with limited rights to escalate their |
| CVE-2018-1973 | >= 5.0.0.0 and <= 5.0.8.4 | 7.2 | HIGH | IBM API Connect 5.0.0.0 through 5.0.8.4 allows a user with limited 'API Administrator level access to give themselves full 'Admini |
| CVE-2018-1784 | >= 5.0.0.0 and <= 5.0.8.4 | 7.1 | HIGH | IBM API Connect 5.0.0.0 and 5.0.8.4 is affected by a NoSQL Injection in MongoDB connector for the LoopBack framework. IBM X-Force |
| CVE-2018-1778 | >= 5.0.8.0 and <= 5.0.8.4 | 7.7 | HIGH | IBM LoopBack (IBM API Connect 2018.1, 2018.4.1, 5.0.8.0, and 5.0.8.4) could allow an attacker to bypass authentication if the Acce |
| CVE-2018-1779 | >= 2018.1.0 and <= 2018.3.7 | 7.5 | HIGH | IBM API Connect 2018.1 through 2018.3.7 could allow an unauthenticated attacker to cause a denial of service due to not setting li |
| CVE-2018-1774 | >= 5.0.0.0 and <= 5.0.8.4 | 8.9 | HIGH | IBM API Connect 5.0.0.0, 5.0.8.4, 2018.1 and 2018.3.6 is vulnerable to CSV injection via the developer portal and analytics that c |
| CVE-2018-1789 | >= 2018.1.0 and <= 2018.3.4 | 8.4 | HIGH | IBM API Connect v2018.1.0 through v2018.3.4 could allow an attacker to send a specially crafted request to conduct a server side r |
| CVE-2016-1000232 | >= 5.0.6.0 and <= 5.0.6.5 | 5.3 | MEDIUM | NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression Parsing vulnerability in HTTP request Cookie Header parsing that c |
| CVE-2018-1599 | >= 5.0.0.0 and <= 5.0.8.3 | 5.4 | MEDIUM | IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker to hijack the clicking action of the victim. By persuading a |
| CVE-2018-1712 | >= 5.0.0.0 and <= 5.0.8.3 | 8.6 | HIGH | IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. An attacker, using specia |
| CVE-2018-1638 | >= 5.0.0.0 and <= 5.0.8.3 | 5.9 | MEDIUM | IBM API Connect 5.0.0.0-5.0.8.3 Developer Portal does not enforce Two Factor Authentication (TFA) while resetting a user password |
| CVE-2018-1548 | >= 2018.1.0.0 and <= 2018.2.4 | 4.3 | MEDIUM | IBM API Connect 2018.1.0.0, 2018.2.1, 2018.2.2, 2018.2.3, and 2018.2.4 contains a vulnerability that could allow an authenticated |
| CVE-2018-1546 | >= 5.0.0.0 and <= 5.0.8.3 | 5.9 | MEDIUM | IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker to obtain sensitive information, caused by the failure to pr |
| CVE-2018-1532 | >= 5.0.0.0 and <= 5.0.8.2 | 4.3 | MEDIUM | IBM API Connect 5.0.0.0 through 5.0.8.2 does not properly update the SESSIONID with each request, which could allow a user to obta |
| CVE-2018-1468 | all versions | 4.3 | MEDIUM | IBM API Connect 5.0.8.1 and 5.0.8.2 could allow a user to get access to internal environment and sensitive API details to which th |
| CVE-2018-1430 | >= 5.0.0.0 and <= 5.0.8.2 | 5.4 | MEDIUM | IBM API Connect 5.0.0.0 through 5.0.8.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary |
| CVE-2018-1389 | >= 5.0.0.0 and <= 5.0.8.2 | 6.5 | MEDIUM | IBM API Connect 5.0.0.0 through 5.0.8.2 is impacted by generated LoopBack APIs for a Model using the BelongsTo/HasMany relationshi |
| CVE-2018-1469 | >= 5.0.0.0 and <= 5.0.6.6 | 9.8 | CRITICAL | IBM API Connect Developer Portal 5.0.0.0 through 5.0.8.2 could allow an unauthenticated attacker to execute system commands using |
| CVE-2018-1382 | >= 5.0.0.0 and <= 5.0.6.4 | 5.4 | MEDIUM | IBM API Connect 5.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code |
| CVE-2017-1785 | all versions | 4.3 | MEDIUM | IBM API Connect 5.0.7 and 5.0.8 could allow an authenticated remote user to modify query parameters to obtain sensitive informatio |
| CVE-2017-1555 | all versions | 4.3 | MEDIUM | IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated user to generate an API token when not subscribed to the appl |
| CVE-2017-1551 | all versions | 6.1 | MEDIUM | IBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a |
| CVE-2017-1556 | all versions | 6.5 | MEDIUM | IBM API Connect 5.0.7.0 through 5.0.7.2 is vulnerable to a regular expression attack that could allow an authenticated attacker to |
| CVE-2017-1386 | all versions | 5.9 | MEDIUM | IBM API Connect 5.0.0.0 could allow a user to bypass policy restrictions and create non-compliant passwords which could be interce |
| CVE-2017-1328 | all versions | 5.3 | MEDIUM | IBM API Connect 5.0.0.0 - 5.0.6.0 could allow a remote attacker to bypass security restrictions of the api, caused by improper han |
| CVE-2017-1322 | all versions | 8.2 | HIGH | IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker |
| CVE-2017-1379 | all versions | 7.5 | HIGH | IBM API Connect 5.0.0.0 could allow a remote attacker to obtain sensitive information, caused by improper handling of requests to |
| CVE-2017-1161 | all versions | 7.3 | HIGH | IBM API Connect 5.0.6.0 could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation o |
| CVE-2016-3012 | <= 5.0.2.0 | 7.5 | HIGH | IBM API Connect (aka APIConnect) before 5.0.3.0 with NPM before 2.2.8 includes certain internal server credentials in the software |