CVE-2019-4008

Critical

API Connect V2018.1 through 2018.4.1.1 is impacted by access token leak. Authorization tokens in some URLs can result in the tokens being…

ibm·CWE-532·Published 2019-02-07

CVSS

9.8

EPSS

0.02

KEV

Exploits

cve.orgen

183 chars

API Connect V2018.1 through 2018.4.1.1 is impacted by access token leak. Authorization tokens in some URLs can result in the tokens being written to log files. IBM X-Force ID: 155626.

NVDen

183 chars

API Connect V2018.1 through 2018.4.1.1 is impacted by access token leak. Authorization tokens in some URLs can result in the tokens being written to log files. IBM X-Force ID: 155626.

API Connect V2018.1, hasta la versión 2018.4.1.1, se ha visto impactada por un filtrado de tokens de acceso. Los tokens de autorización en algunas URL podrían resultar en que los tokens se escriben en archivos de registro. IBM X-Force ID: 155626.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.0	10.0	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
3.0	Primary	cve.org	9.0	—	—	CVSS:3.0/A:H/AC:H/AV:N/C:H/I:H/PR:N/S:C/UI:N/E:U/RC:C/RL:O
3.0	Primary	cve.org	9.0	—	—	CVSS:3.0/A:H/AC:H/AV:N/C:H/I:H/PR:N/S:C/UI:N/E:U/RC:C/RL:O
3.0	Secondary	NVD	9.0	2.2	6.0	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H