Sensitive Data Exposure in IBM API Management
CVE-2014-6172

Currently unrated

Key Information:

Vendor: IBM
Status: Api Management
Vendor: CVE Published:; 21 January 2015

Summary

IBM API Management versions prior to 3.0.4.0 IF1 may allow remote attackers to access sensitive analytics information in an encrypted format through unspecified vectors. This vulnerability highlights the need for users to ensure that their software is updated and to restrict access to the API Management components to mitigate potential information leaks.

References

http://www.securitytracker.com/id/1031613

vdb-entryx_refsource_SECTRACK

https://exchange.xforce.ibmcloud.com/vulnerabilities/98417

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg21694460

x_refsource_CONFIRM

Timeline

Vulnerability published
Jan 21, 2015
Vulnerability Reserved
Sep 2, 2014