Описание
IBM API Connect (aka APIConnect) before 5.0.3.0 with NPM before 2.2.8 includes certain internal server credentials in the software package, which might allow remote attackers to bypass intended access restrictions by leveraging knowledge of these credentials.
Ссылки
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1Версия до 5.0.2.0 (включая)Версия до 2.1.1.9 (включая)
Одно из
cpe:2.3:a:ibm:api_connect:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:network_path_manager:*:*:*:*:*:*:*:*
EPSS
Процентиль: 36%
0.00153
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-200
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
IBM API Connect (aka APIConnect) before 5.0.3.0 with NPM before 2.2.8 includes certain internal server credentials in the software package, which might allow remote attackers to bypass intended access restrictions by leveraging knowledge of these credentials.
EPSS
Процентиль: 36%
0.00153
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-200