CVE-2014-3036 : Unspecified vulnerability in IBM API Management 3.0.0.0, when basic authenticati

Unspecified vulnerability in IBM API Management 3.0.0.0, when basic authentication is used for APIs, allows remote attackers to bypass intended restrictions on topology access, and obtain sensitive information, via unknown vectors.

Published 2014-06-08 23:55:02

Updated 2017-08-29 01:34:36

Source IBM Corporation

View at NVD, CVE.org

Products affected by CVE-2014-3036

IBM » Api Management » Version: 3.0.0.0
cpe:2.3:a:ibm:api_management:3.0.0.0:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2014-3036

EPSS FAQ

0.22%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 42 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2014-3036

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.3	MEDIUM	AV:N/AC:M/Au:N/C:P/I:N/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

References for CVE-2014-3036

http://www-01.ibm.com/support/docview.wss?uid=swg21674232

IBM notice: The page you requested cannot be displayed
Vendor Advisory
http://www.securityfocus.com/bid/67941

IBM API Management CVE-2014-3036 Unauthorized Access Vulnerability
http://www-01.ibm.com/support/docview.wss?uid=swg1LI78000

IBM notice: The page you requested cannot be displayed
https://exchange.xforce.ibmcloud.com/vulnerabilities/93302

IBM API Management topology information disclosure CVE-2014-3036 Vulnerability Report

Jump to

Vulnerability Details : CVE-2014-3036

Products affected by CVE-2014-3036

Exploit prediction scoring system (EPSS) score for CVE-2014-3036

CVSS scores for CVE-2014-3036

References for CVE-2014-3036