ibm API Connect Vulnerabilities: CVEs, CISA KEV & Security Advisories

Severity and exploitation

How the CVSS severity of ibm API Connect's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical4

High14

Medium44

Low2

15 additional CVEs have no CVSS severity score.

In CISA’s Known Exploited Vulnerabilities catalog

None of ibm API Connect's CVEs are currently listed in CISA's KEV catalog.

Public exploits

No ibm API Connect CVEs currently have a tracked public exploit.

Affected versions and CVEs

Browse every ibm API Connect version named in a CVE, then pick one to see only the CVEs that affect it.

Specific versions

5.0.0.036 CVEs
2018.114 CVEs
5.0.7.014 CVEs
5.0.7.114 CVEs
2018.4.1.013 CVEs
5.0.6.013 CVEs
5.0.6.112 CVEs
5.0.6.212 CVEs
5.0.7.212 CVEs
5.0.1.011 CVEs
5.0.2.011 CVEs
5.0.3.011 CVEs
5.0.4.011 CVEs
5.0.5.011 CVEs
5.0.8.010 CVEs
5.0.8.110 CVEs
10.0.0.08 CVEs
5.0.6.38 CVEs
5.0.6.48 CVEs
5.0.8.28 CVEs
2018.4.1.137 CVEs
5.0.6.57 CVEs
5.0.8.47 CVEs
5.0.8.67 CVEs
10.0.1.06 CVEs
5.0.0.15 CVEs
5.0.6.65 CVEs
5.0.8.113 CVEs
5.0.8.33 CVEs
2018.2.12 CVEs
2018.2.22 CVEs
2018.2.32 CVEs
2018.2.42 CVEs
2018.4.12 CVEs
2018.4.1.102 CVEs
2018.4.1.22 CVEs
2018.4.1.32 CVEs
2018.4.1.52 CVEs
2018.4.1.62 CVEs
5.0.8.102 CVEs
5.0.8.82 CVEs
10.0.1.11 CVE
2018.1.01 CVE
2018.1.0.01 CVE
2018.2.101 CVE
2018.2.111 CVE
2018.2.51 CVE
2018.2.61 CVE
2018.2.71 CVE
2018.2.81 CVE
2018.2.91 CVE
2018.3.11 CVE
2018.3.21 CVE
2018.3.31 CVE
2018.3.41 CVE
2018.3.61 CVE
2018.3.71 CVE
2018.4.1.11 CVE
2018.4.1.111 CVE
2018.4.1.121 CVE
2018.4.1.41 CVE
2018.4.1.71 CVE
2018.4.121 CVE
5.01 CVE
5.0.8.51 CVE
5.0.8.71 CVE
5.0.8.7iFix31 CVE

Fixed in

10.0.1.72 CVEs
10.0.5.02 CVEs
> 10.0.8.51 CVE
10.0.1.11 CVE
10.0.1.111 CVE
10.0.1.91 CVE
10.0.5.11 CVE
10.0.5.21 CVE
2018.4.1.131 CVE
2018.4.1.191 CVE
2018.4.1.201 CVE

Find a version

79 CVEs

Sort

Authentication bypass in IBM API Connect
CVE-2025-13915
Patch
Workaround
CWE-305
Critical · CVSS 9.8
EPSS 0.3% (56th pct)2025-12-26
Medium vulnerability · 2023-12-09
CVE-2023-47722
Medium · CVSS 6.2
EPSS 0.0% (6th pct)2023-12-09
Medium vulnerability · 2023-05-12
CVE-2023-28522
Patch
Medium · CVSS 4.3
EPSS 0.1% (23th pct)2023-05-12
Medium vulnerability · 2023-02-08
CVE-2022-34350
Patch
Medium · CVSS 5.3
EPSS 0.4% (60th pct)2023-02-08
Medium vulnerability · 2022-12-01
CVE-2021-38997
Patch
CWE-644
Medium · CVSS 5.4
EPSS 0.3% (52th pct)2022-12-01
Medium vulnerability · 2021-08-26
CVE-2021-29772
Patch
Medium · CVSS 5.6
EPSS 0.3% (48th pct)2021-08-26
Medium vulnerability · 2021-08-26
CVE-2021-29715
Patch
Medium · CVSS 6.5
EPSS 0.5% (67th pct)2021-08-26
Medium vulnerability · 2021-08-17
CVE-2020-4706
Patch
Medium · CVSS 5.4
EPSS 0.0% (12th pct)2021-08-17
Medium vulnerability · 2021-08-04
CVE-2020-4707
Patch
Medium · CVSS 5.4
EPSS 0.2% (37th pct)2021-08-04
Medium vulnerability · 2021-03-15
CVE-2021-20440
Patch
Medium · CVSS 6.4
EPSS 0.2% (39th pct)2021-03-15
Medium vulnerability · 2021-03-08
CVE-2020-4903
Patch
Medium · CVSS 4.8
EPSS 0.1% (33th pct)2021-03-08
Medium vulnerability · 2021-03-08
CVE-2020-4695
Patch
Medium · CVSS 5.9
EPSS 0.1% (27th pct)2021-03-08
Medium vulnerability · 2021-02-04
CVE-2020-4828
Patch
Medium · CVSS 6.5
EPSS 0.2% (36th pct)2021-02-04
Medium vulnerability · 2021-02-04
CVE-2020-4827
Patch
Medium · CVSS 4.3
EPSS 0.1% (26th pct)2021-02-04
Medium vulnerability · 2021-02-04
CVE-2020-4826
Patch
Medium · CVSS 4.3
EPSS 0.1% (26th pct)2021-02-04
Medium vulnerability · 2021-02-04
CVE-2020-4825
Patch
Medium · CVSS 5.4
EPSS 0.2% (37th pct)2021-02-04
Low vulnerability · 2021-02-04
CVE-2020-4640
Patch
Low · CVSS 3.4
EPSS 0.1% (23th pct)2021-02-04
Medium vulnerability · 2021-01-12
CVE-2020-4838
Patch
Medium · CVSS 6.4
EPSS 0.1% (26th pct)2021-01-12
High vulnerability · 2021-01-05
CVE-2020-4899
Patch
High · CVSS 7.4
EPSS 0.1% (29th pct)2021-01-05
High vulnerability · 2020-09-03
CVE-2020-4638
Patch
High · CVSS 7.2
EPSS 0.5% (67th pct)2020-09-03
Medium vulnerability · 2020-09-03
CVE-2020-4337
Patch
Medium · CVSS 6.5
EPSS 0.2% (41th pct)2020-09-03
Medium vulnerability · 2020-06-29
CVE-2020-4452
Patch
Medium · CVSS 5.9
EPSS 0.1% (29th pct)2020-06-29
Medium vulnerability · 2020-06-12
CVE-2020-4251
Patch
Medium · CVSS 5.4
EPSS 0.2% (39th pct)2020-06-12
Medium vulnerability · 2020-05-12
CVE-2020-4346
Patch
Medium · CVSS 5.3
EPSS 0.2% (39th pct)2020-05-12
Medium vulnerability · 2020-05-12
CVE-2020-4195
Patch
Medium · CVSS 5.4
EPSS 0.1% (25th pct)2020-05-12
Medium vulnerability · 2020-03-24
CVE-2019-4553
Patch
Medium · CVSS 5.9
EPSS 0.1% (35th pct)2020-03-24
Medium vulnerability · 2019-12-18
CVE-2019-4609
Patch
Medium · CVSS 5.9
EPSS 0.1% (33th pct)2019-12-18
Medium vulnerability · 2019-12-16
CVE-2019-4444
Patch
Medium · CVSS 5.1
EPSS 0.1% (27th pct)2019-12-16
Medium vulnerability · 2019-10-28
CVE-2019-4600
Patch
Medium · CVSS 5.3
EPSS 0.2% (36th pct)2019-10-28
High vulnerability · 2019-08-20
CVE-2019-4437
Patch
High · CVSS 8.2
EPSS 0.2% (43th pct)2019-08-20

Showing 30 of 79

Severity and exploitation

ibm API Connect Vulnerabilities

Overview

Severity and exploitation

Affected versions and CVEs

Specific versions

Fixed in

Common weakness types

Disclosure activity by year

Other ibm products

Frequently asked questions

How many CVEs does ibm API Connect have?

How many ibm API Connect CVEs are in CISA KEV?

Are there public exploits for ibm API Connect vulnerabilities?

Which versions of ibm API Connect are affected?

What are the most common weakness types in ibm API Connect CVEs?

How many critical ibm API Connect vulnerabilities are there?

What is the average severity of ibm API Connect CVEs?

References

Track ibm API Connect vulnerabilities