CVE-2018-1935Sensitive Information Exposure in IBM Connections

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.2%
top 62.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Connections
Timeline
PublishedDec 6
Latest updateMay 13

Description

IBM Connections 5.0, 5.5, and 6.0 could allow an authenticated user to obtain sensitive information from invalid request error messages. IBM X-Force ID: 153315.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

CVEListV5ibm/connections5.0, 5.5, 6.0+2
NVDibm/connections5.0, 5.5, 6.0+2

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-cf5v-ffjr-c3cr: IBM Connections 52022-05-13
CVEList
CVE-2018-1935: IBM Connections 52018-12-06
CVE-2018-1935 — Sensitive Information Exposure in IBM | cvebase