CVE-2018-1791Improper Input Validation in IBM Connections

CWE-20Improper Input Validation3 documents3 sources
Severity
4.9MEDIUMNVD
EPSS
0.2%
top 62.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Connections
Timeline
PublishedSep 14
Latest updateMay 13

Description

IBM Connections 5.0, 5.5, and 6.0 is vulnerable to an External Service Interaction attack, caused by improper validation of a request property. By submitting suitable payloads, an attacker could exploit this vulnerability to induce the Connections server to attack other systems. IBM X-Force ID: 148946.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:LExploitability: 1.8 | Impact: 2.7

Affected Packages2 packages

CVEListV5ibm/connections5.0, 5.5, 6.0+2
NVDibm/connections5.0, 5.5, 6.0+2

🔴Vulnerability Details

2
GHSA
GHSA-mfgj-x8hm-56jw: IBM Connections 52022-05-13
CVEList
CVE-2018-1791: IBM Connections 52018-09-14
CVE-2018-1791 — Improper Input Validation in IBM | cvebase