Skip to main content
CVE-2019-4202 CRITICAL Act Now

IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal is vulnerable to command injection. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE IBM Command Injection Api Connect
NVD
CVSS 3.1
10.0
EPSS
4.2%
CVE-2019-6609 CRITICAL Act Now

Platform dependent weakness. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hashicorp Big Ip Local Traffic Manager Big Ip Application Acceleration Manager Big Ip Advanced Firewall Manager +11
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2019-4203 CRITICAL Act Now

IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal can be exploited by app developers to download arbitrary files from the host OS and potentially carry out SSRF attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF IBM Api Connect
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2019-4012 CRITICAL Act Now

IBM BigFix WebUI Profile Management 6 and Software Distribution 23 is vulnerable to SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi IBM Bigfix Webui Profile Management Bigfix Webui Software Distribution
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2019-6526 CRITICAL Act Now

Moxa IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A series Version 3.8 and prior, and EDS-510A series Version 3.8 and prior use plaintext transmission of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Iks G6824A Firmware Eds 405A Firmware Eds 408A Firmware Eds 510A Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2019-4178 CRITICAL Act Now

IBM Cognos Analytics 11 could allow a remote attacker to traverse directories on the system. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Path Traversal Cognos Analytics
NVD
CVSS 3.0
9.1
EPSS
3.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy