Vulnerability Description
API Connect V2018.1 through 2018.4.1.1 is impacted by access token leak. Authorization tokens in some URLs can result in the tokens being written to log files. IBM X-Force ID: 155626.
CVSS Score
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Api Connect | >= 2018.1.0, <= 2018.4.1.1 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/106961Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/155626VDB EntryVendor Advisory
- https://www.ibm.com/support/docview.wss?uid=ibm10869772PatchVendor Advisory
- http://www.securityfocus.com/bid/106961Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/155626VDB EntryVendor Advisory
- https://www.ibm.com/support/docview.wss?uid=ibm10869772PatchVendor Advisory
FAQ
What is CVE-2019-4008?
CVE-2019-4008 is a vulnerability with a CVSS score of 9.8 (CRITICAL). API Connect V2018.1 through 2018.4.1.1 is impacted by access token leak. Authorization tokens in some URLs can result in the tokens being written to log files. IBM X-Force ID: 155626.
How severe is CVE-2019-4008?
CVE-2019-4008 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-4008?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Api Connect.