PT-2019-16838 · IBM · API Connect
Published: 2019-02-07 · Updated: 2022-12-03 · CVE-2019-4008
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
API Connect versions 2018.1 through 2018.4.1.1
Description
The issue concerns an access token leak. Authorization tokens in some URLs can result in the tokens being written to log files.
Recommendations
For API Connect versions 2018.1 through 2018.4.1.1, consider restricting access to log files to minimize the risk of exploitation. As a temporary workaround, review and configure logging settings to avoid writing authorization tokens to log files until a patch is available.
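One way to apply both parts of this workaround, as an added example that is not taken from the advisory or from IBM: `scan` reviews existing log lines for token values in URLs, and `TokenRedactingFilter` masks them before a Python application writes a record. The parameter names, log format and sample lines are assumptions constructed for illustration; the advisory does not name the affected URLs or parameters.

```python
import logging
import re

# Assumed parameter names; the advisory does not say which ones are affected.
SENSITIVE_PARAMS = ("access_token", "id_token", "refresh_token", "token")
MASK = "[REDACTED]"
_NAMES = "|".join(SENSITIVE_PARAMS)
# "<delimiter><name>=<value>" in a URL query string or fragment; values that
# are already masked are skipped so redaction is idempotent.
_TOKEN_RE = re.compile(
    rf"(?i)(?P<key>[?&#;](?:{_NAMES})=)(?P<value>(?!{re.escape(MASK)})[^&#;\s\"']+)"
)

def redact(text: str) -> tuple[str, int]:
    """Mask token values in URLs found in text; return (clean_text, hits)."""
    return _TOKEN_RE.subn(lambda m: m.group("key") + MASK, text)

def scan(lines) -> list[int]:
    """Return the 1-based numbers of lines that still expose a token value."""
    return [n for n, line in enumerate(lines, 1) if redact(line)[1]]

class TokenRedactingFilter(logging.Filter):
    """Logging filter that masks token values before a record is written."""
    def filter(self, record: logging.LogRecord) -> bool:
        record.msg, _ = redact(record.getMessage())
        record.args = None  # the message is already fully formatted
        return True

# Constructed sample access-log lines (placeholder addresses, hosts, tokens).
SAMPLE_LOG = [
    '203.0.113.7 - - [07/Feb/2019:10:00:01 +0000] "GET /api/orders?limit=10 HTTP/1.1" 200 512',
    '203.0.113.7 - - [07/Feb/2019:10:00:02 +0000] "GET /api/orders?access_token=EXAMPLEtoken123&limit=10 HTTP/1.1" 200 512',
    '198.51.100.4 - - [07/Feb/2019:10:00:03 +0000] "GET /portal HTTP/1.1" 200 734 "https://portal.example/cb?token=EXAMPLE456"',
]

if __name__ == "__main__":
    print("lines exposing tokens:", scan(SAMPLE_LOG))
    for line in SAMPLE_LOG:
        print(redact(line)[0])
    handler = logging.StreamHandler()
    handler.addFilter(TokenRedactingFilter())  # filter on the handler covers all loggers using it
    log = logging.getLogger("demo")
    log.addHandler(handler)
    log.warning("upstream call failed: %s", "https://api.example/v1/items?token=EXAMPLE789")
```

Tokens found by `scan` in existing logs should be treated as exposed and revoked or rotated, since masking new entries does not remove copies already written or shipped elsewhere.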
Fix
Insertion into Log File
Weakness Enumeration
Related Identifiers
Affected Products
API Connect