CVE-2018-2011

CWE-200 — Information Exposure CWE-287 — Improper Authentication10 documents7 sources

Severity

5.3MEDIUM

EPSS

0.5%

top 32.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM API Connect

Timeline

PublishedJun 25

Latest updateMay 24

Description

IBM API Connect 2018.1 through 2018.4.1.5 could allow an attacker to obtain sensitive information from a specially crafted HTTP request that could aid an attacker in further attacks against the system. IBM X-Force ID: 155150.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶NVDibm/api_connect2018.1.0 — 2018.4.1.5

▶CVEListV5ibm/api_connect2018.1, 2018.4.1.5+1

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-rg86-3c4j-wcqh: IBM API Connect 2018↗2022-05-24

▶

CVEList

CVE-2018-2011: IBM API Connect 2018↗2019-06-25

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Lync for Mac 2011 - Injection Forced Browsing/Download↗2018-12-04

▶

Exploit-DB

Paroiciel 11.20 - 'tRecIdListe' SQL Injection↗2018-11-12

▶

Exploit-DB

Joomla! Component JquickContact 1.3.2.2.1 - SQL Injection↗2018-02-16

▶

📋Vendor Advisories

Red Hat

Mozilla: Privilege escalation through IPC channel messages↗2019-01-29

▶

Microsoft

Lync for Mac 2011 Security Feature Bypass Vulnerability↗2018-09-11

▶

💬Community

Bugzilla

CVE-2018-18505 Mozilla: Privilege escalation through IPC channel messages↗2019-01-29

▶

Bugzilla

CVE-2018-15919 openssh: User enumeration via malformed packets in authentication requests↗2018-08-28

▶