CVE-2015-0149 — MEDIUM (5.5)

Vulnerability Description

The developer portal in IBM API Management 3.0 before 3.0.4.1 does not properly restrict access to the public and private APIs, which allows remote authenticated users to obtain sensitive information or modify data via unspecified API calls.

CVSS Score

5.5

MEDIUM

AV:N/AC:L/Au:S/C:P/I:P/A:N

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Ibm	Api Management	3.0.0.0

Related Weaknesses (CWE)

CWE-264

References

http://www-01.ibm.com/support/docview.wss?uid=swg1LI78430
http://www-01.ibm.com/support/docview.wss?uid=swg21696693PatchVendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1LI78430
http://www-01.ibm.com/support/docview.wss?uid=swg21696693PatchVendor Advisory

FAQ

What is CVE-2015-0149?

CVE-2015-0149 is a vulnerability with a CVSS score of 5.5 (MEDIUM). The developer portal in IBM API Management 3.0 before 3.0.4.1 does not properly restrict access to the public and private APIs, which allows remote authenticated users to obtain sensitive information ...

How severe is CVE-2015-0149?

CVE-2015-0149 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-0149?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Api Management.