CVE-2018-1712

Published: Aug 16, 2018Modified: Nov 21, 2024

9.9

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L

Exploitability: 3.9 / Impact: 5.3

Source: NVD

Description

IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. An attacker, using specially crafted input parameters can trick the server into making potentially malicious calls within the trusted network. IBM X-Force ID: 146370.

Affected (1)

Products: Ibm: Api Connect

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ibm Api Connect	From 5.0.0.0 to 5.0.8.3

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (4)

https://exchange.xforce.ibmcloud.com/vulnerabilities/146370

Source: psirt@us.ibm.com

VDB EntryVendor Advisory

https://www-01.ibm.com/support/docview.wss?uid=ibm10716169

Source: psirt@us.ibm.com

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/146370

Source: af854a3a-2127-422b-91ae-364da2661108

VDB EntryVendor Advisory

https://www-01.ibm.com/support/docview.wss?uid=ibm10716169

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.