Vulnerability CVE-2015-0149


Published: 2015-03-18

Description:
The developer portal in IBM API Management 3.0 before 3.0.4.1 does not properly restrict access to the public and private APIs, which allows remote authenticated users to obtain sensitive information or modify data via unspecified API calls.

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:N)

CVSS Base Score: 5.5/10
Impact Subscore: 4.9/10
Exploitability Subscore: 8/10

Exploit range: Remote
Attack complexity: Low
Authentication: Single time

Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: None

Affected software:
IBM -> API Management

References:
http://www-01.ibm.com/support/docview.wss?uid=swg21696693
http://www-01.ibm.com/support/docview.wss?uid=swg1LI78430

Copyright 2021, cxsecurity.com

 
