Lucene search

PRIOn knowledge basePRION:CVE-2015-0149

HistoryMar 18, 2015 - 10:59 a.m.

Design/Logic Flaw

2015-03-1810:59:00

PRIOn knowledge base

www.prio-n.com

6 Medium

AI Score

Confidence

Low

5.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

43.1%

JSON

The developer portal in IBM API Management 3.0 before 3.0.4.1 does not properly restrict access to the public and private APIs, which allows remote authenticated users to obtain sensitive information or modify data via unspecified API calls.

CPENameOperatorVersion
api_managementeq3.0.4.0
api_managementeq3.0.2.0
api_managementeq3.0.0.0
api_managementeq3.0.2.1
api_managementeq3.0.3.0

Name	Operator	Version
api_management	eq	3.0.4.0
api_management	eq	3.0.2.0
api_management	eq	3.0.0.0
api_management	eq	3.0.2.1
api_management	eq	3.0.3.0

References

www-01.ibm.com/support/docview.wss?uid=swg1LI78430

www-01.ibm.com/support/docview.wss?uid=swg21696693

6 Medium

AI Score

Confidence

Low

5.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

43.1%

JSON

Related for PRION:CVE-2015-0149