CVE-2018-2009

Опубликовано: 11 мар. 2019

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

IBM API Connect v2018.1 and 2018.4.1 is affected by an information disclosure vulnerability in the consumer API. Any registered user can obtain a list of all other users in all other orgs, including email id/names, etc. IBM X-Force ID: 155148.

Ссылки

http://www.securityfocus.com/bid/107396
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/155148
VDB Entry
Vendor Advisory
https://www.ibm.com/support/docview.wss?uid=ibm10794327
Vendor Advisory
http://www.securityfocus.com/bid/107396
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/155148
VDB Entry
Vendor Advisory
https://www.ibm.com/support/docview.wss?uid=ibm10794327
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ibm:api_connect:*:*:*:*:*:*:*:*

Версия от 2018.1.0 (включая) до 2018.4.1.0 (включая)

EPSS

Процентиль: 48%

0.00251

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-c963-547x-7462