CVE-2018-1389

Summary

IBM API Connect 5.0.0.0 through 5.0.8.2 is impacted by generated LoopBack APIs for a Model using the BelongsTo/HasMany relationship allowing unauthorized modification of information. IBM X-Force ID: 138213.

Affected Software

VendorProductVersion RangeStatus
IBMAPI Connect5.0.1.0affected
IBMAPI Connect5.0.0.0affected
IBMAPI Connect5.0.2.0affected
IBMAPI Connect5.0.5.0affected
IBMAPI Connect5.0.6.0affected
IBMAPI Connect5.0.6.1affected
IBMAPI Connect5.0.6.2affected
IBMAPI Connect5.0.7.0affected
IBMAPI Connect5.0.7.1affected
IBMAPI Connect5.0.3.0affected
IBMAPI Connect5.0.4.0affected
IBMAPI Connect5.0.7.2affected
IBMAPI Connect5.0.6.3affected
IBMAPI Connect5.0.6.4affected
IBMAPI Connect5.0.8.0affected
IBMAPI Connect5.0.8.1affected
IBMAPI Connect5.0.6.5affected
IBMAPI Connect5.0.8.2affected

Weaknesses

  • Data Manipulation

ADP Enrichment

CVE Program Container

Additional References

References