CVE-2018-1532

🗓️ 31 May 2018 21:00:00Reported by ibmType

IBM API Connect 5.0.0.0 through 5.0.8.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Force ID: 142430. NV

Reporter	Title	Published	Views	Family All 6
IBM Security Bulletins	Security Bulletin: API Connect is affected by a session management vulnerability (CVE-2018-1532)	15 Jun 201807:09	–	ibm
CNVD	IBM API Connect Information Disclosure Vulnerability (CNVD-2018-10950)	1 Jun 201800:00	–	cnvd
Cvelist	CVE-2018-1532	31 May 201821:00	–	cvelist
EUVD	EUVD-2018-12111	7 Oct 202500:30	–	euvd
NVD	CVE-2018-1532	31 May 201821:29	–	nvd
Prion	Cross site request forgery (csrf)	31 May 201821:29	–	prion

NVD

Vulners

Node

ibm api_connectRange5.0.0.0–5.0.8.2

[
  {
    "product": "API Connect",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "5.0.1.0"
      },
      {
        "status": "affected",
        "version": "5.0.0.0"
      },
      {
        "status": "affected",
        "version": "5.0.2.0"
      },
      {
        "status": "affected",
        "version": "5.0.5.0"
      },
      {
        "status": "affected",
        "version": "5.0.6.0"
      },
      {
        "status": "affected",
        "version": "5.0.6.1"
      },
      {
        "status": "affected",
        "version": "5.0.6.2"
      },
      {
        "status": "affected",
        "version": "5.0.7.0"
      },
      {
        "status": "affected",
        "version": "5.0.7.1"
      },
      {
        "status": "affected",
        "version": "5.0.3.0"
      },
      {
        "status": "affected",
        "version": "5.0.4.0"
      },
      {
        "status": "affected",
        "version": "5.0.7.2"
      },
      {
        "status": "affected",
        "version": "5.0.6.3"
      },
      {
        "status": "affected",
        "version": "5.0.6.4"
      },
      {
        "status": "affected",
        "version": "5.0.8.0"
      },
      {
        "status": "affected",
        "version": "5.0.8.1"
      },
      {
        "status": "affected",
        "version": "5.0.6.5"
      },
      {
        "status": "affected",
        "version": "5.0.6.6"
      },
      {
        "status": "affected",
        "version": "5.0.8.2"
      }
    ]
  }
]

Source	Link
ibm	www.ibm.com/support/docview.wss
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/142430

21 Nov 2024 03:59Current

4.3Medium risk

Vulners AI Score4.3

CVSS 24

CVSS 34.3

EPSS0.00119

CWE-200