ID CVE-2015-0149 Type cve Reporter NVD Modified 2015-03-18T10:52:07
Description
The developer portal in IBM API Management 3.0 before 3.0.4.1 does not properly restrict access to the public and private APIs, which allows remote authenticated users to obtain sensitive information or modify data via unspecified API calls.
{"reporter": "NVD", "enchantments": {"score": {"vector": "NONE", "value": 5.0}, "dependencies": {"references": [{"type": "kaspersky", "idList": ["KLA10503"]}], "modified": "2016-09-03T21:50:30"}, "vulnersScore": 5.0}, "published": "2015-03-18T06:59:06", "cvelist": ["CVE-2015-0149"], "title": "CVE-2015-0149", "objectVersion": "1.2", "type": "cve", "hash": "433ff712e8b4b8b68fbf37f265ca535bba7fe1f0be286a80ef89a7c596a191a5", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0149", "bulletinFamily": "NVD", "id": "CVE-2015-0149", "history": [], "scanner": [], "cvss": {"score": 5.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "modified": "2015-03-18T10:52:07", "viewCount": 0, "cpe": ["cpe:/a:ibm:api_management:3.0.2.0", "cpe:/a:ibm:api_management:3.0.0.0", "cpe:/a:ibm:api_management:3.0.3.0", "cpe:/a:ibm:api_management:3.0.2.1", "cpe:/a:ibm:api_management:3.0.4.0"], "edition": 1, "description": "The developer portal in IBM API Management 3.0 before 3.0.4.1 does not properly restrict access to the public and private APIs, which allows remote authenticated users to obtain sensitive information or modify data via unspecified API calls.", "references": ["http://www-01.ibm.com/support/docview.wss?uid=swg21696693", "http://www-01.ibm.com/support/docview.wss?uid=swg1LI78430"], "lastseen": "2016-09-03T21:50:30", "assessment": {"system": "", "name": "", "href": ""}}
{"kaspersky": [{"lastseen": "2019-02-13T16:35:57", "bulletinFamily": "info", "description": "### *Detect date*:\n03/24/2015\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple serious vulnerabilities have been found in IBM products. \n\n### *Affected products*:\nIBM Bluemix Liberty versions earlier than 1.13-20150209-1122 \nIBM API Management 3 versions earlier 3.0.4.1 \nIBM Content Collector for Email 3 versions earlier than 3.0.0.6-IBM-ICC-Server-IF001 \nIBM Content Collector for Email 4 before 4.0.0.3-IBM-ICC-Server-IF001 \nIBM Tivoli Directory Server (ITDS) 6 versions earlier than 6.0.0.73-ISS-ITDS-IF0073 \nIBM Tivoli Directory Server (ITDS) 6.1 versions earlier than 6.1.0.66-ISS-ITDS-IF0066 \nIBM Tivoli Directory Server (ITDS) 6.2 versions earlier than 6.2.0.42-ISS-ITDS-IF0042 \nIBM Tivoli Directory Server (ITDS) 6.3 versions earlier than 6.3.0.35-ISS-ITDS-IF0035 \nIBM Security Directory Server (ISDS) 6.3.1 versions earlier than 6.3.1.9-ISS-ISDS-IF0009 \nIBM Tivoli Identity Manager Active Directory adapter versions earlier than 5.1.4 \nIBM Security Identity Manager Active Directory adapter versions earlier than 6.0.14 \nIBM Rational ClearCase 8.0.0 before 8.0.0.14 \nIBM Rational ClearCase 8.0.1 before 8.0.1.7\n\n### *Solution*:\nUpdate to latest version\n\n### *Impacts*:\nOSI \n\n### *Related products*:\n[IBM Tivoli Directory Server](<https://threats.kaspersky.com/en/product/IBM-Tivoli-Directory-Server/>)\n\n### *CVE-IDS*:\n[CVE-2014-8923](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8923>) \n[CVE-2015-0138](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0138>) \n[CVE-2015-0149](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0149>) \n[CVE-2015-0146](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0146>) \n[CVE-2014-6134](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6134>) \n[CVE-2015-0178](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0178>)", "modified": "2019-02-06T00:00:00", "published": "2015-03-24T00:00:00", "id": "KLA10503", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10503", "title": "\r KLA10503Multiple vulnerabilities in IBM products ", "type": "kaspersky", "cvss": {"score": 5.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:NONE/"}}]}
