CVE-2019-4600 — IBM API Connect vulnerability

5 documents5 sources

Severity

5.3MEDIUMNVD

EPSS

0.2%

top 64.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM API Connect

Timeline

PublishedOct 29

Latest updateMay 24

Description

IBM API Connect version V5.0.0.0 through 5.0.8.7 could reveal sensitive information to an attacker using a specially crafted HTTP request. IBM X-Force ID: 167883.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶NVDibm/api_connect5.0.0.0 — 5.0.8.7

▶CVEListV5ibm/api_connect5.0.0.0, 5.0.8.7+1

🔴Vulnerability Details

GHSA

GHSA-jxcg-m2hj-vfw2: IBM API Connect version V5↗2022-05-24

▶

OSV

netty vulnerabilities↗2020-10-27

▶

CVEList

CVE-2019-4600: IBM API Connect version V5↗2019-10-28

▶

💥Exploits & PoCs

Nuclei

SonicWall SRA 4600 VPN - SQL Injection

▶