CVE-2019-4051

CVSS 5.3 MEDIUMEPSS 1.7%

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 5.3EPSS 1.7%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

08 Apr 2019Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Some URIs in IBM API Connect 2018.1 and 2018.4.1.3 disclose system specification information like the machine id, system uuid, filesystem paths, network interface names along with their mac addresses. An attacker can use this information in targeted attacks. IBM X-Force ID: 156542.

CVSS:3.0/S:U/UI:N/AV:N/A:N/PR:N/I:N/AC:L/C:L/RC:C/E:U/RL:O

Affected products

IBM · API Connect

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/156542 https://www.ibm.com/support/docview.wss?uid=ibm10879395 http://www.securityfocus.com/bid/107841