Weak Cryptographic Algorithms in IBM API Connect
CVE-2019-4553

5.9MEDIUM

Key Information:

Vendor: IBM
Status: Api Connect
Vendor: CVE Published:; 24 March 2020

Summary

IBM API Connect versions 5.0.0.0 through 5.0.8.7iFix3 are affected by a vulnerability that involves the use of weaker than expected cryptographic algorithms. This security flaw could potentially allow unauthorized users to decrypt highly sensitive information, posing a significant risk to data integrity and confidentiality. Organizations using these versions should evaluate their exposure and take appropriate measures to mitigate the risks associated with this vulnerability.

Affected Version(s)

API Connect 5.0.0.0

API Connect 5.0.8.7iFix3

References

https://www.ibm.com/support/pages/node/5693588

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/165958

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 24, 2020
Vulnerability Reserved
Jan 3, 2019