IBMBC967C8C093D38F6BE198BC1D6EB40842A05EAA5D7B4DFF89E200376F85F7C9ESecurity Bulletin: IBM API Connect server credentials used for a specific restricted scenario may have been exposed (CVE-2016-3012)
EPSS
Percentile
52.7%
Summary
IBM API Connect server credentials used for a specific restricted scenario that is internal and do not involve authentication may have been exposed and packaged in the toolkit.
Vulnerability Details
CVEID: CVE-2016-3012**
DESCRIPTION:** IBM API Connect server credentials used for an internal restricted scenario may have been exposed in the toolkit.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/114275 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Products and Versions
All toolkit versions on or earlier than APIConnect v5.0.2.0, NPM version 2.1.19.
Remediation/Fixes
Server credentials are updated and the fix is available in the toolkit installation of APIConnect version 5.0.3.0, NPM version 2.2.8 or later. For upgrading the toolkit, refer Updating your toolkit installation.
Workarounds and Mitigations
None
Related
EPSS
Percentile
52.7%