Information Disclosure Vulnerability in IBM API Connect v2018.1 and 2018.4.1: Unauthorized Access to User Data

Information Disclosure Vulnerability in IBM API Connect v2018.1 and 2018.4.1: Unauthorized Access to User Data

CVE-2018-2009 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

IBM API Connect v2018.1 and 2018.4.1 is affected by an information disclosure vulnerability in the consumer API. Any registered user can obtain a list of all other users in all other orgs, including email id/names, etc. IBM X-Force ID: 155148.

Learn more about our Api Penetration Testing.