Vulnerability CVE-2014-3036

Vulnerability Name:

CVE-2014-3036 (CCN-93302)

Assigned:

2014-06-04

Published:

2014-06-04

Updated:

2017-08-29

Summary:

Unspecified vulnerability in IBM API Management 3.0.0.0, when basic authentication is used for APIs, allows remote attackers to bypass intended restrictions on topology access, and obtain sensitive information, via unknown vectors.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Type:

CWE-noinfo

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2014-3036

Source: SECUNIA
Type: UNKNOWN
59044

Source: AIXAPAR
Type: UNKNOWN
LI78000

Source: CCN
Type: IBM Security Bulletin 1674232
Vulnerability which could allow for unauthorized access to an IBM API Management topology

Source: CONFIRM
Type: Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21674232

Source: BID
Type: UNKNOWN
67941

Source: CCN
Type: BID-67941
IBM API Management CVE-2014-3036 Unauthorized Access Vulnerability

Source: XF
Type: UNKNOWN
ibm-api-cve20143036-info-disc(93302)

Source: XF
Type: UNKNOWN
ibm-api-cve20143036-info-disc(93302)

Vulnerable Configuration:

Configuration 1:

cpe:/a:ibm:api_management:3.0.0.0:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:ibm:api_management:3.0.0.0:*:*:*:*:*:*:*

AND

cpe:/a:ibm:api_management:3.0.0.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

BACK