CVE-2019-4051 Information

Description

Some URIs in IBM API Connect 2018.1 and 2018.4.1.3 disclose system specification information like the machine id system uuid filesystem paths network interface names along with their mac addresses. An attacker can use this information in targeted attacks. IBM X-Force ID: 156542.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Reference

http://www.securityfocus.com/bid/107841 https://exchange.xforce.ibmcloud.com/vulnerabilities/156542 https://www.ibm.com/support/docview.wss?uid=ibm10879395

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

NONE

Base Score

NONE

Base Severity

5.3