CVE-2018-2013

CWE-200 — Information Exposure CWE-400 — Uncontrolled Resource Consumption CWE-476 — NULL Pointer Dereference CWE-284 — Improper Access Control24 documents10 sources

Severity

5.3MEDIUM

EPSS

0.2%

top 54.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM API Connect

Timeline

PublishedJun 25

Latest updateMay 24

Description

IBM API Connect 2018.1 through 2018.4.1.5 could disclose sensitive information to an unauthorized user that could aid in further attacks against the system. IBM X-Force ID: 155193.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶NVDibm/api_connect2018.1.0 — 2018.4.1.5

▶CVEListV5ibm/api_connect2018.1, 2018.4.1.5+1

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-34rg-qhv9-9cpx: IBM API Connect 2018↗2022-05-24

▶

GHSA

Improper Access Control in Telerik Extensions↗2022-05-13

▶

CVEList

CVE-2018-2013: IBM API Connect 2018↗2019-06-25

▶

Kernel

Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next↗2018-09-25

▶

💥Exploits & PoCs

Exploit-DB

Fifthplay S.A.M.I 2019.2_HP - Persistent Cross-Site Scripting↗2020-01-29

▶

Exploit-DB

ntpd 4.2.8p10 - Out-of-Bounds Read (PoC)↗2018-11-14

▶

Exploit-DB

WebVet 0.1a - 'id' SQL Injection↗2018-11-05

▶

Exploit-DB

SEIG Modbus 3.4 - Denial of Service (PoC)↗2018-08-20

▶

Exploit-DB

SEIG Modbus 3.4 - Remote Code Execution↗2018-08-20

▶

📋Vendor Advisories

Red Hat

kernel: Information Disclosure in crypto_report_one in crypto/crypto_user.c↗2018-11-03

▶

Microsoft

Microsoft Office Elevation of Privilege Vulnerability↗2018-06-12

▶

Red Hat

kernel: denial of service via ioctl call in network tun handling↗2018-01-17

▶

Red Hat

Mozilla: Script execution in HTML mail replies (MFSA 2014-14)↗2014-02-06

▶

Red Hat

Mozilla: Script execution in HTML mail replies (MFSA 2014-14)↗2014-02-06

▶

💬Community

Bugzilla

CVE-2018-0498 CVE-2018-0497 mbedtls: Two critical flaws fixed in latest release↗2018-08-02

▶

Bugzilla

CVE-2018-10843 source-to-image: Builder images with assembler-user LABEL set to root allows attackers to execute arbitrary code↗2018-05-17

▶

Bugzilla

CVE-2018-1070 Routing: Malicous Service configuration can bring down routing for an entire shard.↗2018-03-08

▶

Bugzilla

CVE-2013-4317 cloudstack: Information disclosure in listProjectAccounts in the CloudStack API↗2018-02-20

▶