CVE-2018-1859 — IBM API Connect vulnerability

3 documents3 sources

Severity

4.7MEDIUMNVD

CNA4.3

EPSS

0.2%

top 59.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM API Connect

Timeline

PublishedJan 4

Latest updateMay 13

Description

IBM API Connect 5.0.0.0 through 5.0.8.4 could allow a user authenticated as an administrator with limited rights to escalate their privileges. IBM X-Force ID: 151258.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:LExploitability: 1.2 | Impact: 3.4

Affected Packages2 packages

▶NVDibm/api_connect5.0.0.0 — 5.0.8.4

▶CVEListV5ibm/api_connect5.0.0.0, 5.0.8.4+1

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-gfm6-wvpj-vx32: IBM API Connect 5↗2022-05-13

▶

CVEList

CVE-2018-1859: IBM API Connect 5↗2019-01-04

▶