CVE-2018-1932
published 2019-01-08CVE-2018-1932: IBM API Connect 5.0.0.0 through 5.0.8.4 is affected by a vulnerability in the role-based access control in the management server that could allow an…
PriorityP182medium4.9CVSS 3.0
AVNACLPRHUINSUCHINAN
ITWVulnCheck KEVRansomware
Exploited in the wild
EPSS
3.23%
86.7th percentile
IBM API Connect 5.0.0.0 through 5.0.8.4 is affected by a vulnerability in the role-based access control in the management server that could allow an authenticated user to obtain highly sensitive information. IBM X-Force ID: 153175.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | api_connect | — | — |
| ibm | api_connect | — | — |
| ibm | api_connect | 5.0.0.0 – 5.0.8.4 | — |
CVSS provenance
nvdv3.04.9MEDIUMCVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
nvdv2.04.0MEDIUMAV:N/AC:L/Au:S/C:P/I:N/A:N
vulncheck4.9MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-ffr8-3w9r-g74m: IBM API Connect 5
ghsa_unreviewed·2022-05-13
CVE-2018-1932 [MEDIUM] CWE-200 GHSA-ffr8-3w9r-g74m: IBM API Connect 5
IBM API Connect 5.0.0.0 through 5.0.8.4 is affected by a vulnerability in the role-based access control in the management server that could allow an authenticated user to obtain highly sensitive information. IBM X-Force ID: 153175.
VulnCheck
IBM api_connect Exposure of Sensitive Information to an Unauthorized Actor
vulncheck·2018·CVSS 4.9
CVE-2018-1932 [MEDIUM] IBM api_connect Exposure of Sensitive Information to an Unauthorized Actor
IBM api_connect Exposure of Sensitive Information to an Unauthorized Actor
IBM API Connect 5.0.0.0 through 5.0.8.4 is affected by a vulnerability in the role-based access control in the management server that could allow an authenticated user to obtain highly sensitive information. IBM X-Force ID: 153175.
Affected: IBM api_connect
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Known Ransomware Campaign Use: Known
Exploitation References: https://info.securin.io/hubfs/Securin%20Ransomware%20Report%202023.pdf
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2018-1100 zsh: buffer overflow in utils.c:checkmailpath() can lead to local arbitrary code execution
bugzilla·2018-04-03·CVSS 7.8
CVE-2018-1100 [HIGH] CVE-2018-1100 zsh: buffer overflow in utils.c:checkmailpath() can lead to local arbitrary code execution
CVE-2018-1100 zsh: buffer overflow in utils.c:checkmailpath() can lead to local arbitrary code execution
zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the utils.c:checkmailpath function. A local attacker could exploit this to execute arbitrary code in the context of another user.
Discussion:
Acknowledgments:
Name: Richard Maciel Costa (Red Hat)
---
Created zsh tracking bugs for this issue:
Affects: fedora-all [bug 1563396]
---
*** Bug 1563394 has been marked as a duplicate of this bug. ***
---
Fixed by upstream patch:
https://sourceforge.net/p/zsh/code/ci/31f72205630687c1cef89347863aab355296a27f/
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Via RHSA-2018:1932 https://access.redhat.com/errata/RHSA-2018:1
Bugzilla
CVE-2018-1083 zsh: Stack-based buffer overflow in gen_matches_files() at compctl.c
bugzilla·2018-03-16·CVSS 7.8
CVE-2018-1083 [HIGH] CVE-2018-1083 zsh: Stack-based buffer overflow in gen_matches_files() at compctl.c
CVE-2018-1083 zsh: Stack-based buffer overflow in gen_matches_files() at compctl.c
zsh is vulnerable to a stack-based buffer overflow in the gen_matches_files() function. A local attacker could exploit this through tab completion of directories with long names leading to arbitrary code execution.
Discussion:
Upstream Patch:
https://sourceforge.net/p/zsh/code/ci/259ac472eac291c8c103c7a0d8a4eaf3c2942ed7
---
Created zsh tracking bugs for this issue:
Affects: fedora-all [bug 1560696]
---
Acknowledgments:
Name: Richard Maciel Costa (Red Hat)
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Via RHSA-2018:1932 https://access.redhat.com/errata/RHSA-2018:1932
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux
http://www.ibm.com/support/docview.wss?uid=ibm10793601http://www.securityfocus.com/bid/106486https://exchange.xforce.ibmcloud.com/vulnerabilities/153175http://www.ibm.com/support/docview.wss?uid=ibm10793601http://www.securityfocus.com/bid/106486https://exchange.xforce.ibmcloud.com/vulnerabilities/153175
2019-01-08
Published
Exploited in the wild