Описание
The developer portal in IBM API Management 3.0 before 3.0.4.1 does not properly restrict access to the public and private APIs, which allows remote authenticated users to obtain sensitive information or modify data via unspecified API calls.
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:ibm:api_management:3.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:api_management:3.0.2.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:api_management:3.0.2.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:api_management:3.0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:api_management:3.0.4.0:*:*:*:*:*:*:*
EPSS
Процентиль: 37%
0.00154
Низкий
5.5 Medium
CVSS2
Дефекты
CWE-264
Связанные уязвимости
github
больше 3 лет назад
The developer portal in IBM API Management 3.0 before 3.0.4.1 does not properly restrict access to the public and private APIs, which allows remote authenticated users to obtain sensitive information or modify data via unspecified API calls.
EPSS
Процентиль: 37%
0.00154
Низкий
5.5 Medium
CVSS2
Дефекты
CWE-264