CVE-2019-4008
 
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
API Connect V2018.1 through 2018.4.1.1 is impacted by access token leak. Authorization tokens in some URLs can result in the tokens being written to log files. IBM X-Force ID: 155626.
API Connect V2018.1, hasta la versión 2018.4.1.1, se ha visto impactada por un filtrado de tokens de acceso. Los tokens de autorización en algunas URL podrían resultar en que los tokens se escriben en archivos de registro. IBM X-Force ID: 155626.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-01-03 CVE Reserved
- 2019-02-07 CVE Published
- 2024-09-17 CVE Updated
- 2024-09-26 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-532: Insertion of Sensitive Information into Log File
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/106961 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.ibm.com/support/docview.wss?uid=ibm10869772 | 2022-12-03 |
URL | Date | SRC |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/155626 | 2022-12-03 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Ibm Search vendor "Ibm" | Api Connect Search vendor "Ibm" for product "Api Connect" | >= 2018.1.0 <= 2018.4.1.1 Search vendor "Ibm" for product "Api Connect" and version " >= 2018.1.0 <= 2018.4.1.1" | - |
Affected
|