CVE-2019-4444 MEDIUM

CVE-2019-4444

Vendor Ibm
Product API Connect
Published December 16, 2019
Last update September 17, 2024

CVSS base score

5.1/10
Attack vector Local
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.0/I:N/A:N/PR:N/AV:L/UI:N/S:U/C:H/AC:H/E:U/RC:C/RL:O

What the vulnerability does

01Description

IBM API Connect 2018.1 through 2018.4.1.7 Developer Portal's user registration page does not disable password autocomplete. An attacker with access to the browser instance and local system credentials can steal the credentials used for registration. IBM X-Force ID: 163453.

Key dates

02Disclosure timeline

December 16, 2019 CVE published
September 17, 2024 Record updated