Description
API Connect V2018.1 through 2018.4.1.1 is impacted by access token leak. Authorization tokens in some URLs can result in the tokens being written to log files. IBM X-Force ID: 155626.
CVSS breakdown
CVSS 3.0
Availability
High
Attack Complexity
High
Attack Vector
Network
Confidentiality
High
Integrity
High
Privileges Required
None
Scope
Changed
User Interaction
None
E
Unchanged
RC
Changed
RL
O
Affected products
- ibm / api_connect2018.1 – 2018.1
- ibm / api_connect2018.4.1.1 – 2018.4.1.1