CVE-2018-1774 — Improper Neutralization of Formula Elements in a CSV File in IBM API Connect
Severity
7.8HIGHNVD
CNA8.9
EPSS
0.1%
top 70.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedNov 9
Latest updateMay 13
Description
IBM API Connect 5.0.0.0, 5.0.8.4, 2018.1 and 2018.3.6 is vulnerable to CSV injection via the developer portal and analytics that could contain malicious commands that would be executed once opened by an administrator. IBM X-Force ID: 148692.
CVSS vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9