CVE-2018-2007

IBM API Connect 2018.1 and 2018.4.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 155078.

Published : 2019-04-29 17:29 Updated : 2019-10-09 23:39

5.0
CVSS Score More info
Score 5.0 / 10
5.0
Vendor Product Version URI
Ibm Api Connect 2018.1.0 cpe:/a:ibm:api_connect:2018.1.0
Ibm Api Connect 2018.2.1 cpe:/a:ibm:api_connect:2018.2.1
Ibm Api Connect 2018.2.2 cpe:/a:ibm:api_connect:2018.2.2
Ibm Api Connect 2018.2.3 cpe:/a:ibm:api_connect:2018.2.3
Ibm Api Connect 2018.2.4 cpe:/a:ibm:api_connect:2018.2.4
Ibm Api Connect 2018.2.5 cpe:/a:ibm:api_connect:2018.2.5
Ibm Api Connect 2018.2.6 cpe:/a:ibm:api_connect:2018.2.6
Ibm Api Connect 2018.2.7 cpe:/a:ibm:api_connect:2018.2.7
Ibm Api Connect 2018.2.8 cpe:/a:ibm:api_connect:2018.2.8
Ibm Api Connect 2018.2.9 cpe:/a:ibm:api_connect:2018.2.9
Ibm Api Connect 2018.2.10 cpe:/a:ibm:api_connect:2018.2.10
Ibm Api Connect 2018.2.11 cpe:/a:ibm:api_connect:2018.2.11
Ibm Api Connect 2018.3.1 cpe:/a:ibm:api_connect:2018.3.1
Ibm Api Connect 2018.3.2 cpe:/a:ibm:api_connect:2018.3.2
Ibm Api Connect 2018.3.3 cpe:/a:ibm:api_connect:2018.3.3
Ibm Api Connect 2018.3.4 cpe:/a:ibm:api_connect:2018.3.4
Ibm Api Connect 2018.3.5 cpe:/a:ibm:api_connect:2018.3.5
Ibm Api Connect 2018.3.6 cpe:/a:ibm:api_connect:2018.3.6
Ibm Api Connect 2018.3.7 cpe:/a:ibm:api_connect:2018.3.7
Ibm Api Connect 2018.4.1.0 cpe:/a:ibm:api_connect:2018.4.1.0
Ibm Api Connect 2018.4.1.1 cpe:/a:ibm:api_connect:2018.4.1.1
Ibm Api Connect 2018.4.1.2 cpe:/a:ibm:api_connect:2018.4.1.2
  1. Ibm (1) Search CVE
    1. Api Connect (22) Search CVE
      1. 2018.1.0
      2. 2018.2.1
      3. 2018.2.2
      4. 2018.2.3
      5. 2018.2.4
      6. 2018.2.5
      7. 2018.2.6
      8. 2018.2.7
      9. 2018.2.8
      10. 2018.2.9
      11. 2018.2.10
      12. 2018.2.11
      13. 2018.3.1
      14. 2018.3.2
      15. 2018.3.3
      16. 2018.3.4
      17. 2018.3.5
      18. 2018.3.6
      19. 2018.3.7
      20. 2018.4.1.0
      21. 2018.4.1.1
      22. 2018.4.1.2

CWE

ID Name Description Links
CWE-326 Inadequate Encryption Strength The software stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required. CVE

History of changes

Date Event
2019-04-30 14:48
2019-04-29 17:29

New CVE