Severity
6.1 MEDIUM
EPSS
0.2%
top 59.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: May 2
Latest update: May 24

Description

IBM API Connect 2018.1 and 2018.4.1.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 155195.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Exploitability: 3.1 | Impact: 2.7

Affected Packages (2 packages)

NVD: ibm/api_connect 2018.1.0 2018.4.1.4
CVEListV5: ibm/api_connect 2018.1, 2018.4.1.4 +1

🔴 Vulnerability Details (4)

GHSA: GHSA-cg4w-8xg5-98hg: IBM API Connect 2018 (2022-05-24)
GHSA: Apache NiFi JMS Deserialization issue (2022-05-14)
OSV: drupal7 vulnerabilities (2021-03-15)
CVEList: CVE-2018-2015: IBM API Connect 2018 (2019-05-02)

💥 Exploits & PoCs (2)

Exploit-DB: Siemens SIMATIC S7-300 CPU - Remote Denial of Service (2018-05-30)
Exploit-DB: Siemens SIMATIC S7-1200 CPU - Cross-Site Request Forgery (2018-05-21)

💬 Community (4)

Bugzilla: CVE-2018-3214 OpenJDK: Infinite loop in RIFF format reader (Sound, 8205361) (2018-10-15)
Bugzilla: CVE-2018-18065 net-snmp: NULL pointer exception in _set_key in agent/helpers/table_container.c resulting in a denial of service (2018-10-09)
Bugzilla: CVE-2018-14567 libxml2: Infinite loop caused by incorrect error detection during LZMA decompression (2018-08-22)
Bugzilla: CVE-2018-10908 vdsm: calls to qemu-img are not protected by prlimit/ulimit (2018-07-20)
CVE-2018-2015 (MEDIUM CVSS 6.1) | IBM API Connect 2018.1 and 2018.4.1 | cvebase.io