CVE-2019-4437

IBM API Connect 2018.1 through 2018.4.1.6 may inadvertently leak sensitive details about internal servers and network via API swagger. IBM X-force ID: 162947.

Published : 2019-08-20 20:15 Updated : 2019-10-09 23:50

5.0
CVSS Score More info
Score 5.0 / 10
5.0
Vendor Product Version URI
Ibm Api Connect 2018.1.0 cpe:/a:ibm:api_connect:2018.1.0
Ibm Api Connect 2018.2.1 cpe:/a:ibm:api_connect:2018.2.1
Ibm Api Connect 2018.2.2 cpe:/a:ibm:api_connect:2018.2.2
Ibm Api Connect 2018.2.3 cpe:/a:ibm:api_connect:2018.2.3
Ibm Api Connect 2018.2.4 cpe:/a:ibm:api_connect:2018.2.4
Ibm Api Connect 2018.2.5 cpe:/a:ibm:api_connect:2018.2.5
Ibm Api Connect 2018.2.6 cpe:/a:ibm:api_connect:2018.2.6
Ibm Api Connect 2018.2.7 cpe:/a:ibm:api_connect:2018.2.7
Ibm Api Connect 2018.2.8 cpe:/a:ibm:api_connect:2018.2.8
Ibm Api Connect 2018.2.9 cpe:/a:ibm:api_connect:2018.2.9
Ibm Api Connect 2018.2.10 cpe:/a:ibm:api_connect:2018.2.10
Ibm Api Connect 2018.2.11 cpe:/a:ibm:api_connect:2018.2.11
Ibm Api Connect 2018.3.1 cpe:/a:ibm:api_connect:2018.3.1
Ibm Api Connect 2018.3.2 cpe:/a:ibm:api_connect:2018.3.2
Ibm Api Connect 2018.3.3 cpe:/a:ibm:api_connect:2018.3.3
Ibm Api Connect 2018.3.4 cpe:/a:ibm:api_connect:2018.3.4
Ibm Api Connect 2018.3.5 cpe:/a:ibm:api_connect:2018.3.5
Ibm Api Connect 2018.3.6 cpe:/a:ibm:api_connect:2018.3.6
Ibm Api Connect 2018.3.7 cpe:/a:ibm:api_connect:2018.3.7
Ibm Api Connect 2018.4.1.0 cpe:/a:ibm:api_connect:2018.4.1.0
Ibm Api Connect 2018.4.1.1 cpe:/a:ibm:api_connect:2018.4.1.1
Ibm Api Connect 2018.4.1.2 cpe:/a:ibm:api_connect:2018.4.1.2
Ibm Api Connect 2018.4.1.3 cpe:/a:ibm:api_connect:2018.4.1.3
Ibm Api Connect 2018.4.1.4 cpe:/a:ibm:api_connect:2018.4.1.4
Ibm Api Connect 2018.4.1.5 cpe:/a:ibm:api_connect:2018.4.1.5
Ibm Api Connect 2018.4.1.6 cpe:/a:ibm:api_connect:2018.4.1.6
  1. Ibm (1) Search CVE
    1. Api Connect (26) Search CVE
      1. 2018.1.0
      2. 2018.2.1
      3. 2018.2.2
      4. 2018.2.3
      5. 2018.2.4
      6. 2018.2.5
      7. 2018.2.6
      8. 2018.2.7
      9. 2018.2.8
      10. 2018.2.9
      11. 2018.2.10
      12. 2018.2.11
      13. 2018.3.1
      14. 2018.3.2
      15. 2018.3.3
      16. 2018.3.4
      17. 2018.3.5
      18. 2018.3.6
      19. 2018.3.7
      20. 2018.4.1.0
      21. 2018.4.1.1
      22. 2018.4.1.2
      23. 2018.4.1.3
      24. 2018.4.1.4
      25. 2018.4.1.5
      26. 2018.4.1.6

CWE

ID Name Description Links
CWE-200 Information Exposure An information exposure is the intentional or unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information. CVE

History of changes

Date Event
2019-08-23 19:14
2019-08-20 21:15

New CVE