CVE-2018-1389: IBM API Connect vulnerability

4 documents, 4 sources
Severity
6.5 MEDIUM (NVD)
EPSS
0.2%
top 55.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Apr 30
Latest update: May 13

Description

IBM API Connect 5.0.0.0 through 5.0.8.2 is impacted by generated LoopBack APIs for a Model using the BelongsTo/HasMany relationship allowing unauthorized modification of information. IBM X-Force ID: 138213.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages (2 packages)

NVD: ibm/api_connect, 5.0.0.0 through 5.0.8.2
CVEListV5: ibm/api_connect, 18 versions

🔴 Vulnerability Details (2)

GHSA
GHSA-p859-m696-xqv2: IBM API Connect 5 (2022-05-13)
CVEList
CVE-2018-1389: IBM API Connect 5 (2018-04-30)

💥 Exploits & PoCs (1)

Exploit-DB
Microsoft Windows win32k - Using SetClassLong to Switch Between CS_CLASSDC and CS_OWNDC Corrupts DC Cache (2018-01-05)
CVE-2018-1389 — IBM API Connect vulnerability | cvebase