Lucene search

[email protected]CVE-2018-1774

HistoryNov 09, 2018 - 1:29 a.m.

CVE-2018-1774

2018-11-0901:29:00

CWE-1236

[email protected]

web.nvd.nist.gov

ibm

api connect

csv injection

vulnerability

nvd

cve-2018-1774

x-force id 148692

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L/E:U/RL:O/RC:C

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

27.0%

JSON

IBM API Connect 5.0.0.0, 5.0.8.4, 2018.1 and 2018.3.6 is vulnerable to CSV injection via the developer portal and analytics that could contain malicious commands that would be executed once opened by an administrator. IBM X-Force ID: 148692.

Affected configurations

Vulners

NVD

Node

ibmapi_connectMatch5.0.0.0

ibmapi_connectMatch2018.1

ibmapi_connectMatch5.0.8.4

ibmapi_connectMatch2018.3.6

VendorProductVersionCPE
ibmapi_connect5.0.0.0cpe:2.3:a:ibm:api_connect:5.0.0.0:*:*:*:*:*:*:*
ibmapi_connect2018.1cpe:2.3:a:ibm:api_connect:2018.1:*:*:*:*:*:*:*
ibmapi_connect5.0.8.4cpe:2.3:a:ibm:api_connect:5.0.8.4:*:*:*:*:*:*:*
ibmapi_connect2018.3.6cpe:2.3:a:ibm:api_connect:2018.3.6:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	api_connect	5.0.0.0	cpe:2.3:a:ibm:api_connect:5.0.0.0:::::::*
ibm	api_connect	2018.1	cpe:2.3:a:ibm:api_connect:2018.1:::::::*
ibm	api_connect	5.0.8.4	cpe:2.3:a:ibm:api_connect:5.0.8.4:::::::*
ibm	api_connect	2018.3.6	cpe:2.3:a:ibm:api_connect:2018.3.6:::::::*

CNA Affected

[
  {
    "product": "API Connect",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "5.0.0.0"
      },
      {
        "status": "affected",
        "version": "2018.1"
      },
      {
        "status": "affected",
        "version": "5.0.8.4"
      },
      {
        "status": "affected",
        "version": "2018.3.6"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/148692

www.ibm.com/support/docview.wss?uid=ibm10737867

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L/E:U/RL:O/RC:C

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

27.0%

JSON

Related for CVE-2018-1774

prion1 nvd1 ibm1 cvelist1