Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-0149

Overview

Vulnerability Score 5.5 5.5
CVE Id CVE-2015-0149
Last Modified 18 Mar 2015 10:52:07
Published 18 Mar 2015 06:59:06
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2015-0149

Summary

The developer portal in IBM API Management 3.0 before 3.0.4.1 does not properly restrict access to the public and private APIs, which allows remote authenticated users to obtain sensitive information or modify data via unspecified API calls.

Vulnerable Systems

Application

  • Ibm Api Management 3.0.0.0

  • Ibm Api Management 3.0.2.0

  • Ibm Api Management 3.0.2.1

  • Ibm Api Management 3.0.3.0

  • Ibm Api Management 3.0.4.0


References

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21696693

AIXAPAR - LI78430


Last Updated: 27 May 2016 11:08:08