IBM API Connect server credentials used for a specific restricted scenario that is internal and do not involve authentication may have been exposed and packaged in the toolkit.
CVEID: CVE-2016-3012**
DESCRIPTION:** IBM API Connect server credentials used for an internal restricted scenario may have been exposed in the toolkit.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/114275 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
All toolkit versions on or earlier than APIConnect v5.0.2.0, NPM version 2.1.19.
Server credentials are updated and the fix is available in the toolkit installation of APIConnect version 5.0.3.0, NPM version 2.2.8 or later. For upgrading the toolkit, refer Updating your toolkit installation.
None