Vulnerability Name: CVE-2018-1712 (CCN-146370)
Assigned: 2017-12-13
Published: 2018-08-15
Updated: 2019-10-09
Summary: IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. An attacker using specially crafted input parameters can trick the server into making potentially malicious calls within the trusted network. IBM X-Force ID: 146370.
CVSS v3 Severity:
  9.9 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L)
  8.6 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L/E:U/RL:O/RC:C)
  7.5 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L/E:U/RL:O/RC:C)
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Vulnerability Type: CWE-352
Vulnerability Consequences: Obtain Information
References:
  Source: MITRE Type: CNA CVE-2018-1712
  Source: XF Type: UNKNOWN ibm-api-cve20181712-ssrf(146370)
  Source: XF Type: VDB Entry, Vendor Advisory ibm-api-cve20181712-ssrf(146370)
  Source: CCN Type: IBM Security Bulletin 0716169 IBM API Connect Developer Portal is vulnerable to Server Side Request Forgery (CVE-2018-1712)
  Source: CONFIRM Type: Vendor Advisory https://www-01.ibm.com/support/docview.wss?uid=ibm10716169
Vulnerable Configuration:
  Configuration 1:
  Configuration CCN 1:
  Denotes that component is vulnerable