CVE-2019-4051
5.3
CVSS:3.0/S:U/UI:N/AV:N/A:N/PR:N/I:N/AC:L/C:L/RC:C/E:U/RL:O
Summary
Some URIs in IBM API Connect 2018.1 and 2018.4.1.3 disclose system specification information like the machine id, system uuid, filesystem paths, network interface names along with their mac addresses. An attacker can use this information in targeted attacks. IBM X-Force ID: 156542.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| IBM | API Connect | 2018.1 | affected |
| IBM | API Connect | 2018.4.1.3 | affected |
Weaknesses
- Obtain Information
ADP Enrichment
CVE Program Container
Additional References
- https://www.ibm.com/support/docview.wss?uid=ibm10879395
- https://exchange.xforce.ibmcloud.com/vulnerabilities/156542
- http://www.securityfocus.com/bid/107841
References
- https://www.ibm.com/support/docview.wss?uid=ibm10879395
- https://exchange.xforce.ibmcloud.com/vulnerabilities/156542
- http://www.securityfocus.com/bid/107841
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.