Lucene search

IbmCVE-2014-3036

HistoryJun 08, 2014 - 11:55 p.m.

CVE-2014-3036

2014-06-0823:55:02

ibm

web.nvd.nist.gov

ibm

api management

cve-2014-3036

vulnerability

remote attackers

bypass

sensitive information

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.9

Confidence

Low

EPSS

0.003

Percentile

71.0%

JSON

Unspecified vulnerability in IBM API Management 3.0.0.0, when basic authentication is used for APIs, allows remote attackers to bypass intended restrictions on topology access, and obtain sensitive information, via unknown vectors.

Affected configurations

Nvd

Node

ibmapi_managementMatch3.0.0.0

VendorProductVersionCPE
ibmapi_management3.0.0.0cpe:2.3:a:ibm:api_management:3.0.0.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	api_management	3.0.0.0	cpe:2.3:a:ibm:api_management:3.0.0.0:::::::*

References

secunia.com/advisories/59044

www-01.ibm.com/support/docview.wss?uid=swg1LI78000

www-01.ibm.com/support/docview.wss?uid=swg21674232

www.securityfocus.com/bid/67941

exchange.xforce.ibmcloud.com/vulnerabilities/93302

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.9

Confidence

Low

EPSS

0.003

Percentile

71.0%

JSON

Related for CVE-2014-3036