IBM1E18FB7C21A760BD4845E8827E51C4BBA70F1EAC5B1333D97EF303CCE54B3F22Security Bulletin: IBM API Connect is affected by a clickjacking vulnerability (CVE-2018-1599)
0.001 Low
EPSS
Percentile
28.4%
Summary
IBM API Connect has addressed the following vulnerability.
API Connect could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious website, a remote attacker could exploit this vulnerability to hijack the victimβs click actions and possibly launch further attacks against the victim.
Vulnerability Details
CVEID:CVE-2018-1599
**DESCRIPTION:*IBM API Connect could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious website, a remote attacker could exploit this vulnerability to hijack the victimβs click actions and possibly launch further attacks against the victim.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/143744 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
Affected Products and Versions
Affected API Connect
|
Affected Versions
β|β
IBM API Connect | 5.0.0.0-5.0.8.4
IBM API Connect | 2018.1-2018.3.4
Remediation/Fixes
Affected Product
|
Addressed in VRMF
|
APAR
|
Remediation / First Fix
β|β|β|β
IBM API Connect
| 5.0.8.4 iFix | LI80218 | Addressed in IBM API Connect V5.0.8.4 iFix.
Management Server is impacted.
Follow this link and find the βAPIConnect_Managementβ package:
http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSpβ¦
IBM API Connect | 2018.3.5 | LI80218 |
Addressed in IBM API Connect V2018.3.5
Management Server is impacted.
Follow this link and find the βmanagement-images-kubernetesβ package:
https://www-945.ibm.com/support/fixcentral/swg/identifyFixes?query.pareβ¦
Workarounds and Mitigations
None
Related
0.001 Low
EPSS
Percentile
28.4%