CVE-2018-1896Injection in IBM Connections

CWE-74Injection4 documents4 sources
Severity
5.4MEDIUMNVD
CNA4.6
EPSS
0.2%
top 64.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Connections
Timeline
PublishedDec 7
Latest updateMay 13

Description

IBM Connections 5.0, 5.5, and 6.0 is vulnerable to possible host header injection attack that could cause navigation to the attacker's domain. IBM X-Force ID: 152456.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

CVEListV5ibm/connections5.0, 5.5, 6.0+2
NVDibm/connections5.0, 5.5, 6.0+2

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-46vv-c3p4-6xqh: IBM Connections 52022-05-13
CVEList
CVE-2018-1896: IBM Connections 52018-12-07

💥Exploits & PoCs

1
Exploit-DB
Ruijie Reyee Mesh Router - Remote Code Execution (RCE) (Authenticated)2022-05-11
CVE-2018-1896 — Injection in IBM Connections | cvebase