CVE-2018-1712
8.6
CVSS:3.0/A:L/AC:L/AV:N/C:H/I:L/PR:N/S:U/UI:N/E:U/RC:C/RL:O
Summary
IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. An attacker, using specially crafted input parameters can trick the server into making potentially malicious calls within the trusted network. IBM X-Force ID: 146370.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| IBM | API Connect | 5.0.1.0 | affected |
| IBM | API Connect | 5.0.0.0 | affected |
| IBM | API Connect | 5.0.0.1 | affected |
| IBM | API Connect | 5.0.2.0 | affected |
| IBM | API Connect | 5.0.5.0 | affected |
| IBM | API Connect | 5.0.6.0 | affected |
| IBM | API Connect | 5.0.6.1 | affected |
| IBM | API Connect | 5.0.6.2 | affected |
| IBM | API Connect | 5.0.7.0 | affected |
| IBM | API Connect | 5.0.7.1 | affected |
| IBM | API Connect | 5.0.3.0 | affected |
| IBM | API Connect | 5.0.4.0 | affected |
| IBM | API Connect | 5.0.7.2 | affected |
| IBM | API Connect | 5.0.6.3 | affected |
| IBM | API Connect | 5.0.6.4 | affected |
| IBM | API Connect | 5.0.8.0 | affected |
| IBM | API Connect | 5.0.8.1 | affected |
| IBM | API Connect | 5.0.6.5 | affected |
| IBM | API Connect | 5.0.6.6 | affected |
| IBM | API Connect | 5.0.8.2 | affected |
| IBM | API Connect | 5.0.8.3 | affected |
Weaknesses
- Obtain Information
ADP Enrichment
CVE Program Container
Additional References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/146370
- https://www-01.ibm.com/support/docview.wss?uid=ibm10716169
References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/146370
- https://www-01.ibm.com/support/docview.wss?uid=ibm10716169
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.