CVE-2015-0149

{"id": "CVE-2015-0149", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-03-18T10:59:06.963", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1LI78430", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21696693", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1LI78430", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21696693", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The developer portal in IBM API Management 3.0 before 3.0.4.1 does not properly restrict access to the public and private APIs, which allows remote authenticated users to obtain sensitive information or modify data via unspecified API calls."}, {"lang": "es", "value": "El portal Developer en IBM API Management 3.0 anterior a 3.0.4.1 no restringe correctamente el acceso a las APIs p\u00fablicas y privadas, lo que permite a usuarios remotos autenticados obtener informaci\u00f3n sensible o modificar datos a trav\u00e9s de llamadas a APIs no especificadas."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:api_management:3.0.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FDCDCF24-B490-4FF1-BFA2-9922EFF9F0C2"}, {"criteria": "cpe:2.3:a:ibm:api_management:3.0.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "017C3809-8A10-46DF-BB47-4099D75E4562"}, {"criteria": "cpe:2.3:a:ibm:api_management:3.0.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FFE5031D-0B9D-46A3-8D16-D9D3326B6632"}, {"criteria": "cpe:2.3:a:ibm:api_management:3.0.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9DC31FD8-3E5D-4D76-8E6E-D882DE441573"}, {"criteria": "cpe:2.3:a:ibm:api_management:3.0.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "255965EF-423E-4E82-B005-3082A3D15CD2"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}