CVE-2016-3012

HIGH

IBM API Connect < 5.0.3.0 - Exposure of Sensitive Information via Internal Credentials

Title source: llm
STIX 2.1

Description

IBM API Connect (aka APIConnect) before 5.0.3.0 with NPM before 2.2.8 includes certain internal server credentials in the software package, which might allow remote attackers to bypass intended access restrictions by leveraging knowledge of these credentials.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/92417
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21988212

Scores

CVSS v3 7.5
EPSS 0.0167
EPSS Percentile 74.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (2)
ibm/api_connect < 5.0.2.0
ibm/network_path_manager < 2.1.1.9
Published Dec 01, 2016
Tracked Since Feb 18, 2026