CVE-2015-0149

2015-03-1810:59:06

CWE-264

[email protected]

web.nvd.nist.gov

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

AI Score

5.7

Confidence

Low

EPSS

0.001

Percentile

44.4%

JSON

The developer portal in IBM API Management 3.0 before 3.0.4.1 does not properly restrict access to the public and private APIs, which allows remote authenticated users to obtain sensitive information or modify data via unspecified API calls.

Affected configurations

Nvd

Node

ibmapi_managementMatch3.0.0.0

ibmapi_managementMatch3.0.2.0

ibmapi_managementMatch3.0.2.1

ibmapi_managementMatch3.0.3.0

ibmapi_managementMatch3.0.4.0

VendorProductVersionCPE
ibmapi_management3.0.0.0cpe:2.3:a:ibm:api_management:3.0.0.0:*:*:*:*:*:*:*
ibmapi_management3.0.2.0cpe:2.3:a:ibm:api_management:3.0.2.0:*:*:*:*:*:*:*
ibmapi_management3.0.2.1cpe:2.3:a:ibm:api_management:3.0.2.1:*:*:*:*:*:*:*
ibmapi_management3.0.3.0cpe:2.3:a:ibm:api_management:3.0.3.0:*:*:*:*:*:*:*
ibmapi_management3.0.4.0cpe:2.3:a:ibm:api_management:3.0.4.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	api_management	3.0.0.0	cpe:2.3:a:ibm:api_management:3.0.0.0:::::::*
ibm	api_management	3.0.2.0	cpe:2.3:a:ibm:api_management:3.0.2.0:::::::*
ibm	api_management	3.0.2.1	cpe:2.3:a:ibm:api_management:3.0.2.1:::::::*
ibm	api_management	3.0.3.0	cpe:2.3:a:ibm:api_management:3.0.3.0:::::::*
ibm	api_management	3.0.4.0	cpe:2.3:a:ibm:api_management:3.0.4.0:::::::*