CVE-2017-1551Improper Input Validation in IBM API Connect

CWE-20Improper Input Validation4 documents4 sources
Severity
6.1MEDIUMNVD
EPSS
0.2%
top 63.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM API Connect
Timeline
PublishedSep 25
Latest updateMay 17

Description

IBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 131291.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

CVEListV5ibm/api_connect13 versions+12
NVDibm/api_connect15 versions+14

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-5mhm-5g5m-8p52: IBM API Connect 52022-05-17
CVEList
CVE-2017-1551: IBM API Connect 52017-09-25

💥Exploits & PoCs

1
Exploit-DB
UCOPIA Wireless Appliance < 5.1.8 - Local Privilege Escalation2017-10-02
CVE-2017-1551 — Improper Input Validation in IBM | cvebase