io.apiman: apiman-manager-api-rest-impl is vulnerable to Information Disclosure. An authenticated attacker is able to gain access to API keys they do not have permission for if they correctly guess the URL which includes Organisation ID, Client ID, and Client Version. Access to the non-permitted API Keys may allow use of other users’ resources without their permission.
CPE | Name | Operator | Version |
---|---|---|---|
apiman-manager-api-rest-impl | le | 3.0.0.Final | |
apiman-manager-api-rest-impl | le | 3.0.0.Final |