Lucene search

IBMBC967C8C093D38F6BE198BC1D6EB40842A05EAA5D7B4DFF89E200376F85F7C9E

HistoryJun 15, 2018 - 7:06 a.m.

Security Bulletin: IBM API Connect server credentials used for a specific restricted scenario may have been exposed (CVE-2016-3012)

2018-06-1507:06:03

www.ibm.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

JSON

Summary

IBM API Connect server credentials used for a specific restricted scenario that is internal and do not involve authentication may have been exposed and packaged in the toolkit.

Vulnerability Details

CVEID: CVE-2016-3012**
DESCRIPTION:** IBM API Connect server credentials used for an internal restricted scenario may have been exposed in the toolkit.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/114275 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

All toolkit versions on or earlier than APIConnect v5.0.2.0, NPM version 2.1.19.

Remediation/Fixes

Server credentials are updated and the fix is available in the toolkit installation of APIConnect version 5.0.3.0, NPM version 2.2.8 or later. For upgrading the toolkit, refer Updating your toolkit installation.

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm api connecteq5.0.2.0
ibm api connecteq5.0.1.0
ibm api connecteq5.0.0.1
ibm api connecteq5.0.0.0

Name	Operator	Version
ibm api connect	eq	5.0.2.0
ibm api connect	eq	5.0.1.0
ibm api connect	eq	5.0.0.1
ibm api connect	eq	5.0.0.0

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

JSON

Related for BC967C8C093D38F6BE198BC1D6EB40842A05EAA5D7B4DFF89E200376F85F7C9E