CVE-2018-1712: Cross-Site Request Forgery in IBM API Connect

Severity: 9.9 CRITICAL (NVD), 8.6 (CNA)
EPSS: 0.1% (top 70.38%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Aug 16
Latest update: May 13

Description

IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. An attacker using specially crafted input parameters can trick the server into making potentially malicious calls within the trusted network. IBM X-Force ID: 146370.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L
Exploitability: 3.9 | Impact: 5.3

Affected Packages (2 packages)

NVD: ibm/api_connect, 5.0.0.0 to 5.0.8.3
CVEListV5: ibm/api_connect, 21 versions

🔴 Vulnerability Details (2)

GHSA: GHSA-g25j-xhg4-fhj4: IBM API Connect's Developer Portal 5 (2022-05-13)
CVEList: CVE-2018-1712: IBM API Connect's Developer Portal 5 (2018-08-16)

💬 Community (1)

Bugzilla: CVE-2018-18955 kernel: Privilege escalation in map_write() in kernel/user_namespace.c (2018-11-19)