CVE-2018-1000627

CRITICAL

Battelle V2I Hub 2.5.1 - Info Disclosure

Title source: llm

Description

Battelle V2I Hub 2.5.1 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict access to the API key file. An attacker could exploit this vulnerability to obtain the current API key to gain unauthorized access to the system.

References (1)

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/147304

Scores

CVSS v3 9.8

EPSS 0.0042

EPSS Percentile 61.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-522

Status published

Affected Products (1)

battelle/v2i_hub

Timeline

Published Dec 28, 2018

Tracked Since Feb 18, 2026