Vulnerability CVE-2019-4051
Published: 2019-04-08

Description:
Some URIs in IBM API Connect 2018.1 and 2018.4.1.3 disclose system specification information like the machine id, system uuid, filesystem paths, network interface names along with their mac addresses. An attacker can use this information in targeted attacks. IBM X-Force ID: 156542.

Type:

CWE-200

 (Information Exposure)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
IBM -> Api connect 

 References:
http://www.securityfocus.com/bid/107841
https://exchange.xforce.ibmcloud.com/vulnerabilities/156542
https://www.ibm.com/support/docview.wss?uid=ibm10879395
Copyright 2024, cxsecurity.com

 

Back to Top