CVE-2019-4051

Some URIs in IBM API Connect 2018.1 and 2018.4.1.3 disclose system specification information like the machine id, system uuid, filesystem paths, network interface names along with their mac addresses. An attacker can use this information in targeted attacks. IBM X-Force ID: 156542.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
ibmCNA
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/S:U/UI:N/AV:N/A:N/PR:N/I:N/AC:L/C:L/RC:C/E:U/RL:O
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 42%
VendorProductVersion
ibmapi_connect
2018.1.0 ≤
𝑥
≤ 2018.4.1.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/107841
https://exchange.xforce.ibmcloud.com/vulnerabilities/156542
https://www.ibm.com/support/docview.wss?uid=ibm10879395
http://www.securityfocus.com/bid/107841
https://exchange.xforce.ibmcloud.com/vulnerabilities/156542
https://www.ibm.com/support/docview.wss?uid=ibm10879395