| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2018-1857 |
200 |
|
Bypass +Info |
2018-11-08 |
2018-12-12 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 could allow a user to bypass FGAC control and gain access to data they shouldn't be able to see. IBM X-Force ID: 151155. |
|
2 |
CVE-2018-1838 |
200 |
|
+Info |
2018-10-12 |
2018-11-28 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
IBM WebSphere Application Server 8.5 and 9.0 in IBM Cloud could allow a remote attacker to obtain sensitive information caused by improper handling of passwords. IBM X-Force ID: 150811. |
|
3 |
CVE-2018-1802 |
264 |
|
|
2018-11-08 |
2018-12-12 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege user full access to the DB2 instance account by loading a malicious shared library. IBM X-Force ID: 149640. |
|
4 |
CVE-2018-1798 |
79 |
|
XSS |
2018-11-12 |
2018-11-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 149428. |
|
5 |
CVE-2018-1795 |
79 |
|
XSS |
2018-10-05 |
2018-11-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
IBM Robotic Process Automation with Automation Anywhere Enterprise 10 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 149073. |
|
6 |
CVE-2018-1794 |
79 |
|
XSS |
2018-10-03 |
2018-11-20 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using OAuth ear is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148949. |
|
7 |
CVE-2018-1793 |
79 |
|
XSS |
2018-10-03 |
2018-11-20 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using SAML ear is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148948. |
|
8 |
CVE-2018-1791 |
20 |
|
|
2018-09-14 |
2018-11-23 |
4.9 |
None |
Remote |
Medium |
Single system |
Partial |
None |
Partial |
|
IBM Connections 5.0, 5.5, and 6.0 is vulnerable to an External Service Interaction attack, caused by improper validation of a request property. By submitting suitable payloads, an attacker could exploit this vulnerability to induce the Connections server to attack other systems. IBM X-Force ID: 148946. |
|
9 |
CVE-2018-1782 |
254 |
|
|
2018-09-19 |
2018-11-23 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
IBM GPFS (IBM Spectrum Scale 5.0.1.0 and 5.0.1.1) allows a local, unprivileged user to cause a kernel panic on a node running GPFS by accessing a file that is stored on a GPFS file system with mmap, or by executing a crafted file stored on a GPFS file system. IBM X-Force ID: 148805. |
|
10 |
CVE-2018-1773 |
287 |
|
Bypass |
2018-09-12 |
2018-11-01 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
IBM Datacap Fastdoc Capture 9.1.1, 9.1.3, and 9.1.4 could allow an authenticated user to bypass future authentication mechanisms once the initial login is completed. IBM X-Force ID: 148691. |
|
11 |
CVE-2018-1770 |
22 |
|
Dir. Trav. |
2018-10-12 |
2018-11-28 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 148686. |
|
12 |
CVE-2018-1767 |
79 |
|
XSS |
2018-10-29 |
2018-11-20 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Cachemonitor is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148621. |
|
13 |
CVE-2018-1755 |
200 |
|
+Info |
2018-08-24 |
2018-10-17 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by incorrect transport being used when Liberty is configured to use Java Authentication SPI for Containers (JASPIC). This can happen when the Application Server is configured to permit access on non-secure (http) port and using JASPIC or JSR375 authentication. |
|
14 |
CVE-2018-1753 |
200 |
|
+Info |
2018-10-08 |
2018-11-28 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 148514. |
|
15 |
CVE-2018-1749 |
20 |
|
Bypass |
2018-10-08 |
2018-11-28 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 148484. |
|
16 |
CVE-2018-1744 |
22 |
|
Dir. Trav. |
2018-10-15 |
2018-11-30 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 148423. |
|
17 |
CVE-2018-1724 |
284 |
|
|
2018-10-11 |
2018-11-28 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
IBM Spectrum LSF 9.1.1 9.1.2, 9.1.3, and 10.1 could allow a local user to change their job user at job submission time due to improper file permission settings. IBM X-Force ID: 147439. |
|
18 |
CVE-2018-1719 |
200 |
|
+Info |
2018-09-14 |
2018-11-05 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security under certain conditions. This could result in a downgrade of TLS protocol. A remote attacker could exploit this vulnerability to perform man-in-the-middle attacks. IBM X-Force ID: 147292. |
|
19 |
CVE-2018-1718 |
79 |
|
XSS |
2018-07-31 |
2018-10-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
IBM Sterling B2B Integrator Standard Edition 5.2.0.1 - 5.2.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147166. |
|
20 |
CVE-2018-1716 |
79 |
|
XSS |
2018-09-27 |
2018-11-14 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147164. |
|
21 |
CVE-2018-1711 |
264 |
|
+Priv |
2018-09-21 |
2018-12-02 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to to gain privileges due to allowing modification of columns of existing tasks. IBM X-Force ID: 146369. |
|
22 |
CVE-2018-1710 |
119 |
|
Exec Code Overflow |
2018-09-21 |
2018-11-19 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 tool db2licm is affected by buffer overflow vulnerability that can potentially result in arbitrary code execution. IBM X-Force ID: 146364. |
|
23 |
CVE-2018-1708 |
200 |
|
+Info |
2018-10-11 |
2018-11-28 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
IBM Spectrum Symphony 7.1.2 and 7.2.0.2 could allow an authenticated user to obtain sensitive user information such as passwords through the WebUI. IBM X-Force ID: 146343. |
|
24 |
CVE-2018-1705 |
200 |
|
+Info |
2018-08-28 |
2018-11-01 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 contain an information disclosure vulnerability that could allow an authenticated attacker to obtain highly sensitive information. IBM X-Force ID: 146340. |
|
25 |
CVE-2018-1704 |
601 |
|
+Info |
2018-09-28 |
2018-11-15 |
4.9 |
None |
Remote |
Medium |
Single system |
Partial |
Partial |
None |
|
IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 146339. |
|
26 |
CVE-2018-1694 |
200 |
|
+Info |
2018-11-06 |
2018-12-11 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
IBM Jazz applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Quality Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Rhapsody Design Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Software Architect Design Manager 5.0 through 5.02 and 6.0 through 6.0.1, IBM Rational Team Concert 5.0 through 5.02 and 6.0 through 6.0.6) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 145609. |
|
27 |
CVE-2018-1685 |
200 |
|
+Info |
2018-09-21 |
2018-11-19 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability in db2cacpy that could allow a local user to read any file on the system. IBM X-Force ID: 145502. |
|
28 |
CVE-2018-1684 |
20 |
|
DoS |
2018-11-08 |
2018-12-12 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
IBM WebSphere MQ 8.0 through 9.1 is vulnerable to a error with MQTT topic string publishing that can cause a denial of service attack. IBM X-Force ID: 145456. |
|
29 |
CVE-2018-1673 |
79 |
|
XSS |
2018-10-12 |
2018-11-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145108. |
|
30 |
CVE-2018-1670 |
200 |
|
+Info |
2018-10-04 |
2018-11-28 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.2 could allow an authenticated user to obtain sensitive product configuration information from log files. IBM X-Force ID: 144946. |
|
31 |
CVE-2018-1656 |
22 |
|
Dir. Trav. |
2018-08-20 |
2018-11-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed dump files. IBM X-Force ID: 144882. |
|
32 |
CVE-2018-1649 |
22 |
|
Dir. Trav. |
2018-10-05 |
2018-11-20 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
IBM QRadar Incident Forensics 7.2 and 7.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 144655. |
|
33 |
CVE-2018-1644 |
200 |
|
+Info |
2018-08-27 |
2018-11-01 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 9.0.0.0 - 9.0.0.4, 8.0.0.0 - 8.0.0.19, 8.0.1.0 - 8.0.1.13, 8.0.3.0 - 8.0.3.6, 8.0.4.0 - 8.0.4.14, and 7.0.0.0 Feature Pack 8 could allow an authenticated user to obtain sensitive information about another user. |
|
34 |
CVE-2018-1643 |
79 |
|
XSS |
2018-11-15 |
2018-11-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The Installation Verification Tool of IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 144588 |
|
35 |
CVE-2018-1606 |
200 |
|
+Info |
2018-11-06 |
2018-12-11 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
IBM Jazz based applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Quality Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Rhapsody Design Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Software Architect Design Manager 5.0 through 5.02 and 6.0 through 6.0.1, IBM Rational Team Concert 5.0 through 5.02 and 6.0 through 6.0.6) could allow an authenticated user to obtain sensitive information from an error message that could be used in further attacks against the system. IBM X-Force ID: 143796. |
|
36 |
CVE-2018-1587 |
200 |
|
+Info |
2018-07-19 |
2018-09-12 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 could reveal technical error messages to allow an adversary to gain information about the application and database that could be used to conduct further attacks. IBM X-Force ID: 143500. |
|
37 |
CVE-2018-1566 |
134 |
|
Exec Code |
2018-07-10 |
2018-09-05 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to execute arbitrary code due to a format string error. IBM X-Force ID: 143023. |
|
38 |
CVE-2018-1565 |
119 |
|
Overflow |
2018-05-25 |
2018-06-22 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 143022. |
|
39 |
CVE-2018-1549 |
113 |
|
XSS Http R.Spl. +Info |
2018-07-10 |
2018-08-31 |
4.9 |
None |
Remote |
Medium |
Single system |
Partial |
Partial |
None |
|
IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 142658. |
|
40 |
CVE-2018-1546 |
200 |
|
+Info |
2018-07-06 |
2018-08-27 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 142650. |
|
41 |
CVE-2018-1544 |
119 |
|
Overflow |
2018-05-25 |
2018-06-22 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 142648. |
|
42 |
CVE-2018-1543 |
295 |
|
+Info |
2018-06-27 |
2018-08-24 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
IBM WebSphere MQ 8.0 and 9.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 142598. |
|
43 |
CVE-2018-1528 |
200 |
|
+Info |
2018-08-06 |
2018-10-04 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
IBM Maximo Asset Management 7.6 through 7.6.3 could allow an authenticated user to obtain sensitive information from the WhoAmI API. IBM X-Force ID: 142290. |
|
44 |
CVE-2018-1515 |
119 |
|
Overflow |
2018-05-25 |
2018-06-22 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 and 11.1, under specific or unusual conditions, could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 141624. |
|
45 |
CVE-2018-1503 |
20 |
|
|
2018-07-23 |
2018-09-18 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a remotely authenticated attacker to to send invalid or malformed headers that could cause messages to no longer be transmitted via the affected channel. IBM X-Force ID: 141339. |
|
46 |
CVE-2018-1492 |
384 |
|
|
2018-07-10 |
2018-09-06 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
IBM Jazz Foundation products could allow a user with physical access to the system to log in as another user due to the server's failure to properly log out from the previous session. IBM X-Force ID: 140977. |
|
47 |
CVE-2018-1487 |
264 |
|
|
2018-07-10 |
2018-09-06 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5 and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege users full access to the DB2 instance account by loading a malicious shared library. IBM X-Force ID: 140972. |
|
48 |
CVE-2018-1483 |
79 |
|
XSS |
2018-04-11 |
2018-05-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 140918. |
|
49 |
CVE-2018-1473 |
79 |
|
XSS |
2018-04-27 |
2018-05-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 140691. |
|
50 |
CVE-2018-1468 |
200 |
|
+Info |
2018-05-02 |
2018-06-06 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
IBM API Connect 5.0.8.1 and 5.0.8.2 could allow a user to get access to internal environment and sensitive API details to which they are not authorized. IBM X-Force ID: 140399. |
