5.9

CVE-2017-1386

IBM API Connect 5.0.0.0 could allow a user to bypass policy restrictions and create non-compliant passwords which could be intercepted and decrypted using man in the middle techniques. IBM X-Force ID: 127160.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmApi Connect Version5.0.0.0
IbmApi Connect Version5.0.0.1
IbmApi Connect Version5.0.1.0
IbmApi Connect Version5.0.2.0
IbmApi Connect Version5.0.3.0
IbmApi Connect Version5.0.4.0
IbmApi Connect Version5.0.5.0
IbmApi Connect Version5.0.6.0
IbmApi Connect Version5.0.6.1
IbmApi Connect Version5.0.6.2
IbmApi Connect Version5.0.7.0
IbmApi Management Version4.0.0.0
IbmApi Management Version4.0.0.1
IbmApi Management Version4.0.1.0
IbmApi Management Version4.0.2.0
IbmApi Management Version4.0.2.1
IbmApi Management Version4.0.3.0
IbmApi Management Version4.0.4.0
IbmApi Management Version4.0.4.1
IbmApi Management Version4.0.4.2
IbmApi Management Version4.0.4.3
IbmApi Management Version4.0.4.4
IbmApi Management Version4.0.4.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.16% 0.63
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.9 2.2 3.6
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:P/I:N/A:N
CWE-521 Weak Password Requirements

The product does not require that users should have strong passwords.

http://www.ibm.com/support/docview.wss?uid=swg22004981
Vendor Advisory
http://www.securityfocus.com/bid/100008
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/127160
VDB Entry