CVE-2018-1932 — Sensitive Information Exposure in IBM API Connect

CWE-200 — Sensitive Information Exposure6 documents5 sources

Severity

4.9MEDIUMNVD

EPSS

5.5%

top 9.78%

CISA KEV

Not in KEV

Exploit

Exploited in wild

Active exploitation observed

Affected products

IBM API Connect

Timeline

PublishedJan 8

Latest updateMay 13

Description

IBM API Connect 5.0.0.0 through 5.0.8.4 is affected by a vulnerability in the role-based access control in the management server that could allow an authenticated user to obtain highly sensitive information. IBM X-Force ID: 153175.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

▶NVDibm/api_connect5.0.0.0 — 5.0.8.4

▶CVEListV5ibm/api_connect5.0.0.0, 5.0.8.4+1

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-ffr8-3w9r-g74m: IBM API Connect 5↗2022-05-13

▶

CVEList

CVE-2018-1932: IBM API Connect 5↗2019-01-08

▶

VulnCheck

IBM api_connect Exposure of Sensitive Information to an Unauthorized Actor↗2018

▶

💬Community

Bugzilla

CVE-2018-1100 zsh: buffer overflow in utils.c:checkmailpath() can lead to local arbitrary code execution↗2018-04-03

▶

Bugzilla

CVE-2018-1083 zsh: Stack-based buffer overflow in gen_matches_files() at compctl.c↗2018-03-16

▶