Lucene search
IBM74972A228266CB76BC9BFB362B76271EAD30F0B742F6DBC88622FF945CCF0C9DHistoryJun 12, 2019 - 10:20 p.m.
Security Bulletin: API Connect V2018 is impacted by sensitive information leak (CVE-2018-2013)
2019-06-1222:20:01
www.ibm.com
12
0.001 Low
EPSS
Percentile
46.9%
Summary
IBM API Connect has addressed the following vulnerability.
Vulnerability Details
CVEID:CVE-2018-2013
**DESCRIPTION:*IBM API Connect could disclose sensitive information to an unauthorized user that could aid in further attacks against the system.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155193> for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Affected Products and Versions
| Affected IBM API Management | Affected Versions |
|---|---|
| IBM API Connect | 2018.1-2018.4.1.5 |
Remediation/Fixes
| Affected releases | Fixed in VRMF | APAR | Remediation / First Fix |
|---|---|---|---|
| IBM API Connect V2018.1-2018.4.1.5 | 2018.4.1.6 fixpack |
LI80923
|
Addressed in IBM API Connect v2018.4.1.6 fixpack.
Management server is impacted.
Follow this link and find the “management” package appropriate for form factor for your installation for 2018.4.1.6.
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm api connect | eq | 2018.1 | |
| ibm api connect | eq | 2018.4.1.5 |
Related
cvelist
cvelist
CVE-2018-2013
2019-06-12 00:00:00
nvd
nvd
CVE-2018-2013
2019-06-25 16:15:10
cve
cve
CVE-2018-2013
2019-06-25 16:15:10
prion
prion
Design/Logic Flaw
2019-06-25 16:15:00
0.001 Low
EPSS
Percentile
46.9%
Related for 74972A228266CB76BC9BFB362B76271EAD30F0B742F6DBC88622FF945CCF0C9D