CVE-2017-1386Weak Password Requirements in IBM API Connect

CWE-521Weak Password Requirements3 documents3 sources
Severity
5.9MEDIUMNVD
EPSS
0.2%
top 55.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM API ConnectIBM API Management
Timeline
PublishedJul 31
Latest updateMay 13

Description

IBM API Connect 5.0.0.0 could allow a user to bypass policy restrictions and create non-compliant passwords which could be intercepted and decrypted using man in the middle techniques. IBM X-Force ID: 127160.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages3 packages

CVEListV5ibm/api_connect6 versions+5
NVDibm/api_connect11 versions+10
NVDibm/api_management12 versions+11

🔴Vulnerability Details

2
GHSA
GHSA-xqj8-j5cp-c427: IBM API Connect 52022-05-13
CVEList
CVE-2017-1386: IBM API Connect 52017-07-31
CVE-2017-1386 — Weak Password Requirements in IBM | cvebase