CVE-2018-1991 — Sensitive Information Exposure in IBM API Connect

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

2.7LOWNVD

EPSS

0.1%

top 65.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM API Connect

Timeline

PublishedMay 22

Latest updateMay 24

Description

IBM API Connect 5.0.0.0, and 5.0.8.6 could could return sensitive information that could provide critical information as to the underlying software stack in CMC UI headers. IBM X-Force ID: 154284.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:NExploitability: 1.2 | Impact: 1.4

Affected Packages2 packages

▶NVDibm/api_connect5.0.0.0 — 5.0.8.6

▶CVEListV5ibm/api_connect5.0.0.0, 5.0.8.6+1

🔴Vulnerability Details

GHSA

GHSA-84jp-rqr8-mw8v: IBM API Connect 5↗2022-05-24

▶

CVEList

CVE-2018-1991: IBM API Connect 5↗2019-05-22

▶