CVE-2019-4008: Log File Information Exposure in IBM API Connect

Severity: 9.8 CRITICAL (NVD)
EPSS: 0.5% (top 35.97%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Feb 7
Latest update: May 13

Description

API Connect V2018.1 through 2018.4.1.1 is impacted by an access token leak. Authorization tokens included in some URLs can be written to log files. IBM X-Force ID: 155626.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (2 packages)

NVD: ibm/api_connect 2018.1.0 - 2018.4.1.1
CVEListV5: ibm/api_connect 2018.1, 2018.4.1.1 (+1)

Vulnerability Details (4)

GHSA: GHSA-hg9m-423c-v2w6: API Connect V2018 (2022-05-13)
OSV: linux-lts-xenial, linux-aws vulnerabilities (2019-06-07)
OSV: apparmor update (2019-06-05)
CVEList: CVE-2019-4008: API Connect V2018 (2019-02-07)