CVE-2015-0149
CVE-2015-0149 is a medium-severity vulnerability in Ibm Api Management with a CVSS 2.0 base score of 5.5. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-264.
Key facts
- Severity: Medium (CVSS 2.0 base score 5.5)
- EPSS exploit prediction: 1% (56th percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-264
- Affected product: Ibm Api Management
- Published:
- Last modified:
Description
The developer portal in IBM API Management 3.0 before 3.0.4.1 does not properly restrict access to the public and private APIs, which allows remote authenticated users to obtain sensitive information or modify data via unspecified API calls.
Frequently asked questions
- What is CVE-2015-0149?
- The developer portal in IBM API Management 3.0 before 3.0.4.1 does not properly restrict access to the public and private APIs, which allows remote authenticated users to obtain sensitive information or modify data via unspecified API calls.
- How severe is CVE-2015-0149?
- CVE-2015-0149 has a CVSS 2.0 base score of 5.5, rated medium severity.
- Is CVE-2015-0149 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (56th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2015-0149?
- CVE-2015-0149 primarily affects Ibm Api Management. In total, 5 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2015-0149?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2015-0149 published?
- CVE-2015-0149 was published on 2015-03-18 and last updated on 2026-06-17.
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1LI78430
- http://www-01.ibm.com/support/docview.wss?uid=swg21696693
Affected products (5)
- cpe:2.3:a:ibm:api_management:3.0.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:api_management:3.0.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:api_management:3.0.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:api_management:3.0.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:api_management:3.0.4.0:*:*:*:*:*:*:*
More vulnerabilities in Ibm Api Management
- CVE-2013-0559 — Medium (CVSS 6.4): Unspecified vulnerability in IBM API Management 2.0 before 2.0.0.1 allows remote attackers to access tenant APIs, and…
- CVE-2017-1386 — Medium (CVSS 5.9): IBM API Connect 5.0.0.0 could allow a user to bypass policy restrictions and create non-compliant passwords which could…
- CVE-2014-6172 — Medium (CVSS 5.0): IBM API Management 3.0 before 3.0.4.0 IF1 allows remote attackers to obtain sensitive analytics information in an…
- CVE-2014-3036 — Medium (CVSS 4.3): Unspecified vulnerability in IBM API Management 3.0.0.0, when basic authentication is used for APIs, allows remote…
- CVE-2014-6133 — Low (CVSS 2.1): IBM API Management 3.x before 3.0.1.0 allows local users to obtain sensitive ciphertext information via unspecified…
All CVEs affecting Ibm Api Management →
Other CWE-264 (Permissions, Privileges, and Access Controls) vulnerabilities
- CVE-2016-8363 — Critical (CVSS 10.0): An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232…
- CVE-2016-7457 — Critical (CVSS 10.0): VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to gain privileges, or halt…
- CVE-2015-7425 — Critical (CVSS 10.0): The Data Protection component in the VMware vSphere GUI in IBM Tivoli Storage Manager for Virtual Environments: Data…
- CVE-2015-8267 — Critical (CVSS 10.0): The PasswordReset.Controllers.ResetController.ChangePasswordIndex method in PasswordReset.dll in Dovestones AD Self…
- CVE-2015-7919 — Critical (CVSS 10.0): SearchBlox 8.3 before 8.3.1 allows remote attackers to write to the config file, and consequently cause a denial of…
- CVE-2015-7071 — Critical (CVSS 10.0): The File Bookmark component in Apple OS X before 10.11.2 allows attackers to bypass a sandbox protection mechanism for…
Browse all CWE-264 (Permissions, Privileges, and Access Controls) vulnerabilities →