CVE-2016-3012 Vulnerability

IBM API Connect (aka APIConnect) before 5.0.3.0 with NPM before 2.2.8 includes certain internal server credentials in the software package, which might allow remote attackers to bypass intended access restrictions by leveraging knowledge of these credentials. (CVSS:5.0) (Last Update:2016-12-01)

Vulnerability Details : IBM API Connect (aka APIConnect) before 5.0.3.0 with NPM before 2.2.8 includes certain internal server credentials in the software package, which might allow remote attackers to bypass intended access restrictions by leveraging knowledge of these credentials. Publish Date : 2016-12-01 Last Update Date : 2016-12-01 - CVSS Scores & Vulnerability Types CVSS Score 5.0 Confidentiality Impact Partial(There is considerable informational disclosure.) Integrity Impact None(There is no impact to the integrity of the system) Availability Impact None(There is no impact to the availability of the system.) Access Complexity Low(Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit. ) Authentication Not required(Authentication is not required to exploit the vulnerability.) Gained Access None Vulnerability Type(s) Bypass a restriction or similarObtain Information CWE ID 200 - Products Affected By CVE-2016-3012 # Product Type Vendor Product Version Update Edition Language 1 Application IBM Api Connect 5.0.2.0 Version Details Vulnerabilities 2 Application IBM Network Path Manager 2.1.1.9 Version Details Vulnerabilities - Number Of Affected Versions By Product Vendor Product Vulnerable Versions IBM Api Connect 1 IBM Network Path Manager 1 - References For CVE-2016-3012 http://www-01.ibm.com/support/docview.wss?uid=swg21988212 CONFIRM http://www.securityfocus.com/bid/92417 BID 92417

- Metasploit Modules Related To CVE-2016-3012 There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information)