CVE-2017-1161 — Improper Input Validation in Corporation API Connect

CWE-20 — Improper Input Validation4 documents4 sources

Severity

7.3HIGHNVD

EPSS

0.4%

top 40.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Corporation API Connect IBM API Connect

Timeline

PublishedApr 17

Latest updateMay 17

Description

IBM API Connect 5.0.6.0 could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of URLs for the Developer Portal. By crafting a malicious URL, an attacker could exploit this vulnerability to execute arbitrary commands on the system with the privileges of the www-data user. IBM X-Force ID: 122956.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 3.9 | Impact: 3.4

Affected Packages2 packages

▶NVDibm/api_connect5.0.6.0

▶CVEListV5ibm_corporation/api_connect5.0.6.0

🔴Vulnerability Details

GHSA

GHSA-95m8-q37x-qv6j: IBM API Connect 5↗2022-05-17

▶

CVEList

CVE-2017-1161: IBM API Connect 5↗2017-04-17

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows 10 Kernel - 'nt!NtTraceControl (EtwpSetProviderTraits)' Pool Memory Disclosure↗2017-05-15

▶