CVE-2017-1328 — IBM API Connect vulnerability

4 documents4 sources

Severity

5.3MEDIUMNVD

EPSS

0.3%

top 48.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM API Connect

Timeline

PublishedJun 27

Latest updateMay 13

Description

IBM API Connect 5.0.0.0 - 5.0.6.0 could allow a remote attacker to bypass security restrictions of the api, caused by improper handling of security policy. By crafting a suitable request, an attacker could exploit this vulnerability to bypass security and use the vulnerable API. IBM X-Force ID: 126230.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5ibm/api_connect7 versions+6

▶NVDibm/api_connect10 versions+9

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-c9jh-3w3h-g2pw: IBM API Connect 5↗2022-05-13

▶

CVEList

CVE-2017-1328: IBM API Connect 5↗2017-06-27

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows 10 - WLDP/MSHTML CLSID UMCI Bypass↗2017-10-17

▶