Access Control Weakness in IBM API Management
CVE-2015-0149

Currently unrated

Key Information:

Vendor: IBM
Status: Api Management
Vendor: CVE Published:; 18 March 2015

What is CVE-2015-0149?

The developer portal in IBM API Management prior to version 3.0.4.1 fails to enforce proper access controls on both public and private APIs. This oversight can lead to remote authenticated users gaining unauthorized access to sensitive information or modifying data through undisclosed API calls, posing a significant risk to data integrity and confidentiality.

References

http://www-01.ibm.com/support/docview.wss?uid=swg1LI78430

vendor-advisoryx_refsource_AIXAPAR

http://www-01.ibm.com/support/docview.wss?uid=swg21696693

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 18, 2015
Vulnerability Reserved
Nov 18, 2014