CVE-2019-4155

Description

IBM API Connect's Developer Portal 2018.1 and 2018.4.1.3 is impacted by a privilege escalation vulnerability when integrated with an OpenID Connect (OIDC) user registry. IBM X-Force ID: 158544.

CVSS breakdown

CVSS 3.0

Attack Complexity

Low

Confidentiality

High

Privileges Required

Low

Availability

High

Integrity

High

Attack Vector

Network

Scope

Unchanged

User Interaction

None

Changed

Unchanged

Affected products

ibm / api_connect2018.1 – 2018.1
ibm / api_connect2018.4.1.3 – 2018.4.1.3

References

MISChttp://www.ibm.com/support/docview.wss?uid=ibm10879575
MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/158544
MISChttp://www.securityfocus.com/bid/107806