CVE-2018-2009: Infoleak
First published: Mon Mar 11 2019(Updated: )
IBM API Connect v2018.1 and 2018.4.1 is affected by an information disclosure vulnerability in the consumer API. Any registered user can obtain a list of all other users in all other orgs, including email id/names, etc. IBM X-Force ID: 155148.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| API Connect CLI Plugins | >=2018.1.0<=2018.4.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-2009?
CVE-2018-2009 is classified as an information disclosure vulnerability.
How do I fix CVE-2018-2009?
To mitigate CVE-2018-2009, users should upgrade to a version of IBM API Connect that is not vulnerable, ideally beyond version 2018.4.1.
Who is affected by CVE-2018-2009?
Any registered user of IBM API Connect versions 2018.1 and 2018.4.1 is affected by CVE-2018-2009.
What type of data is exposed in CVE-2018-2009?
CVE-2018-2009 allows an attacker to obtain information such as the list of all users and their email IDs from different organizations.
What versions of IBM API Connect are vulnerable to CVE-2018-2009?
IBM API Connect versions 2018.1 and 2018.4.1 are vulnerable to CVE-2018-2009.
- agent/type
- agent/softwarecombine
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/api connect cli plugins
- version/api connect cli plugins/2018.1.0
- version/api connect cli plugins/2018.4.1.0