CVE-2017-1386

MEDIUM

IBM API Connect 5.0.0.0 - Auth Bypass

Title source: llm

Description

IBM API Connect 5.0.0.0 could allow a user to bypass policy restrictions and create non-compliant passwords which could be intercepted and decrypted using man in the middle techniques. IBM X-Force ID: 127160.

References (3)

[Vendor Advisory] http://www.ibm.com/support/docview.wss?uid=swg22004981

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/100008

[VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/127160

Scores

CVSS v3 5.9

EPSS 0.0022

EPSS Percentile 43.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-521

Status published

Products (29)

ibm/api_connect

... and 19 more

Published Jul 31, 2017

Tracked Since Feb 18, 2026