CVE-2017-1379Sensitive Information Exposure in IBM API Connect

CWE-200Sensitive Information ExposureCWE-460Improper Cleanup on Thrown Exception4 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.3%
top 45.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM API Connect
Timeline
PublishedJun 15
Latest updateMay 17

Description

IBM API Connect 5.0.0.0 could allow a remote attacker to obtain sensitive information, caused by improper handling of requests to the Developer Portal. IBM X-Force ID: 127002.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5ibm/api_connect6 versions+5
NVDibm/api_connect12 versions+11

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-487w-m6p3-wwrf: IBM API Connect 52022-05-17
CVEList
CVE-2017-1379: IBM API Connect 52017-06-15

📋Vendor Advisories

1
Red Hat
ImageMagick: Memory leak in the ReadBMPImage function2017-05-03
CVE-2017-1379 — Sensitive Information Exposure in IBM | cvebase