CVE-2019-4382Cleartext Transmission of Sensitive Info in IBM API Connect

CWE-319Cleartext Transmission of Sensitive Info3 documents3 sources
Severity
5.3MEDIUMNVD
EPSS
0.3%
top 43.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM API Connect
Timeline
PublishedJun 25
Latest updateMay 24

Description

IBM API Connect 5.0.0.0 through 5.0.8.6 could allow an unauthorized user to obtain sensitive information about the system users using specially crafted HTTP requests. IBM X-Force ID: 162162.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

NVDibm/api_connect5.0.0.05.0.8.6
CVEListV5ibm/api_connect5.0.0.0, 5.0.8.6+1

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-h2c2-gc59-r4j2: IBM API Connect 52022-05-24
CVEList
CVE-2019-4382: IBM API Connect 52019-06-25
CVE-2019-4382 — IBM API Connect vulnerability | cvebase