CVE-2018-1774
8.9
CVSS:3.0/A:L/AC:L/AV:N/C:H/I:H/PR:L/S:C/UI:R/E:U/RC:C/RL:O
Summary
IBM API Connect 5.0.0.0, 5.0.8.4, 2018.1 and 2018.3.6 is vulnerable to CSV injection via the developer portal and analytics that could contain malicious commands that would be executed once opened by an administrator. IBM X-Force ID: 148692.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| IBM | API Connect | 5.0.0.0 | affected |
| IBM | API Connect | 2018.1 | affected |
| IBM | API Connect | 5.0.8.4 | affected |
| IBM | API Connect | 2018.3.6 | affected |
Weaknesses
- Gain Access
ADP Enrichment
CVE Program Container
Additional References
- https://www.ibm.com/support/docview.wss?uid=ibm10737867
- https://exchange.xforce.ibmcloud.com/vulnerabilities/148692
References
- https://www.ibm.com/support/docview.wss?uid=ibm10737867
- https://exchange.xforce.ibmcloud.com/vulnerabilities/148692
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.