CVE-2019-4051
MEDIUMIBM API Connect 2018.1-2018.4.1.3 - Exposure of Sensitive System Information via URIs
Title source: llmDescription
Some URIs in IBM API Connect 2018.1 and 2018.4.1.3 disclose system specification information like the machine id, system uuid, filesystem paths, network interface names along with their mac addresses. An attacker can use this information in targeted attacks. IBM X-Force ID: 156542.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
https://www.ibm.com/support/docview.wss?uid=ibm10879395
VDB Entry, Vendor Advisory vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/156542
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/107841
Scores
CVSS v3
5.3
EPSS
0.0170
EPSS Percentile
74.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
ibm/api_connect
2018.1.0 - 2018.4.1.3
Published
Apr 08, 2019
Tracked Since
Feb 18, 2026