CVE-2019-4203

Published: Apr 15, 2019Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal can be exploited by app developers to download arbitrary files from the host OS and potentially carry out SSRF attacks. IBM X-Force ID: 159124.

Affected (1)

Products: Ibm: Api Connect

Ibm

1 product

Api Connect

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ibm Api Connect	From 5.0.0.0 to 5.0.8.6

Related CWEs

CWE-918

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (6)

http://www.securityfocus.com/bid/107905

Source: psirt@us.ibm.com

Third Party AdvisoryVDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/159124

Source: psirt@us.ibm.com

VDB EntryVendor Advisory

https://www.ibm.com/support/docview.wss?uid=ibm10880569

Source: psirt@us.ibm.com

Vendor Advisory

http://www.securityfocus.com/bid/107905

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/159124

Source: af854a3a-2127-422b-91ae-364da2661108

VDB EntryVendor Advisory

https://www.ibm.com/support/docview.wss?uid=ibm10880569

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.