Vulnerability Details : CVE-2019-4051
Some URIs in IBM API Connect 2018.1 and 2018.4.1.3 disclose system specification information like the machine id, system uuid, filesystem paths, network interface names along with their mac addresses. An attacker can use this information in targeted attacks. IBM X-Force ID: 156542.
Vulnerability category: Information leak
Products affected by CVE-2019-4051
- cpe:2.3:a:ibm:api_connect:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-4051
0.21%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 60 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-4051
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST | |
5.3
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
3.9
|
1.4
|
NIST | |
5.3
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
3.9
|
1.4
|
IBM Corporation |
CWE ids for CVE-2019-4051
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-4051
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/156542
IBM API Connect information disclosure CVE-2019-4051 Vulnerability ReportVDB Entry;Vendor Advisory
-
http://www.securityfocus.com/bid/107841
IBM API Connect CVE-2019-4051 Information Disclosure Vulnerability
-
https://www.ibm.com/support/docview.wss?uid=ibm10879395
IBM Security Bulletin: API Connect V2018 is impacted by sensitive information disclosure (CVE-2019-4051)Vendor Advisory
Jump to