Lucene search

[email protected]CVE-2014-3036

HistoryJun 08, 2014 - 11:55 p.m.

CVE-2014-3036

2014-06-0823:55:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

ibm

api management

cve-2014-3036

vulnerability

remote attackers

bypass

sensitive information

7.3 High

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

70.9%

JSON

Unspecified vulnerability in IBM API Management 3.0.0.0, when basic authentication is used for APIs, allows remote attackers to bypass intended restrictions on topology access, and obtain sensitive information, via unknown vectors.

CPENameOperatorVersion
ibm:api_managementibm api managementeq3.0.0.0

CPE	Name	Operator	Version
ibm:api_management	ibm api management	eq	3.0.0.0

References

secunia.com/advisories/59044

www-01.ibm.com/support/docview.wss?uid=swg1LI78000

www-01.ibm.com/support/docview.wss?uid=swg21674232

www.securityfocus.com/bid/67941

exchange.xforce.ibmcloud.com/vulnerabilities/93302

7.3 High

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

70.9%

JSON

Related for CVE-2014-3036

cvelist1 prion1