CVE-2018-1976 — Sensitive Information Exposure in IBM API Connect

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

4.9MEDIUMNVD

EPSS

0.2%

top 52.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM API Connect

Timeline

PublishedJan 29

Latest updateMay 13

Description

IBM API Connect 5.0.0.0 through 5.0.8.4 is impacted by sensitive information disclosure via a REST API that could allow a user with administrative privileges to obtain highly sensitive information. IBM X-Force ID: 154031.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

▶NVDibm/api_connect5.0.0.0 — 5.0.8.4

▶CVEListV5ibm/api_connect5.0.0.0, 5.0.8.4+1

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-4g5q-fwgw-2wj7: IBM API Connect 5↗2022-05-13

▶

CVEList

CVE-2018-1976: IBM API Connect 5↗2019-01-29

▶