Api gateway
This hub aggregates every CVE we track for Api gateway, a product in the cloud SaaS space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 18
- Critical: 3
- High: 6
- In CISA KEV: 0
Severity distribution
MEDIUM: 9, HIGH: 6, CRITICAL: 3
Monthly trend
[Chart: monthly trend, 2024-08 to 2026-07]
Latest CVEs
The 15 most recently published vulnerabilities affecting Api gateway.
- CVE-2020-1971: EDIPARTYNAME NULL pointer dereference (Score: 5.9)
- CVE-2019-17566: Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this ... (Score: 7.5)
- CVE-2020-11979: As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task dele... (Score: 7.5)
- CVE-2019-15631: Remote Code Execution vulnerability in MuleSoft Mule CE/EE 3.x and API Gateway 2.x released before October 31, 2019 allows remote attackers to execute arbitrary code. (Score: 9.8)
- CVE-2019-15630: Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider components in MuleSoft Mule Runtime 3.2.0 and higher released before August 1 2019, MuleSoft Mule Runtime 4.1.0 and higher release... (Score: 7.5)
- CVE-2019-1559: 0-byte record padding oracle (Score: 5.9)
- CVE-2018-5407: Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'. (Score: 4.7)
- CVE-2018-0734: Timing attack against DSA (Score: 5.9)
- CVE-2018-0735: Timing attack against ECDSA signature generation (Score: 5.9)
- CVE-2018-1000613: Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('U... (Score: 9.8)
- CVE-2018-0732: Client DoS due to large DH parameter (Score: 7.5)
- CVE-2018-1000180: Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with add... (Score: 7.5)
- CVE-2018-0739: Constructed ASN.1 types with a recursive definition could exceed the stack (Score: 6.5)
- CVE-2017-3738: There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and D... (Score: 5.9)
- CVE-2017-3601: Vulnerability in the Oracle API Gateway component of Oracle Fusion Middleware (subcomponent: Oracle API Gateway). The supported version that is affected is 11.1.2.4.0. Easily "exploitable" vulnerab... (Score: 8.1)
Product normalization is registry-driven with AI assist and human review.