Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMC0837D0AA34FB35BF03D6E9376266AD5A3A676A1A886237FB7A53451389E0203
HistoryJun 15, 2018 - 7:07 a.m.

Security Bulletin: IBM API Connect Developer Portal is vulnerable to unauthenticated remote code execution (CVE-2017-1161)

2018-06-1507:07:10
www.ibm.com
7

0.002 Low

EPSS

Percentile

51.8%

JSON

Summary

An unauthenticated remote code execution vulnerability affects IBM API Connect Developer Portal. IBM has addressed this vulnerability.

Vulnerability Details

CVEID: CVE-2017-1161**
DESCRIPTION:** IBM API Connect could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of URLs for the Developer Portal. By crafting a malicious URL, an attacker could exploit this vulnerability to execute arbitrary commands on the system with the privileges of the www-data user.
CVSS Base Score: 7.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/122956&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

IBM API Connect V5.0

Remediation/Fixes

Product

| VRMF|APAR|Remediation/First Fix
—|—|—|—
IBM API Connect| 5.0.x| LI79401| V5.0.6.0

Workarounds and Mitigations

Workarounds: None

Mitigations: None

CPENameOperatorVersion
ibm api connecteq5.0.6.0

Related

prion 1
nvd 1
cve 1
cvelist 1
prion
prion
Input validation
2017-04-17 21:59:00
nvd
nvd
CVE-2017-1161
2017-04-17 21:59:00
cve
cve
CVE-2017-1161
2017-04-17 21:59:00
cvelist
cvelist
CVE-2017-1161
2017-04-17 21:00:00

0.002 Low

EPSS

Percentile

51.8%

JSON
Related for C0837D0AA34FB35BF03D6E9376266AD5A3A676A1A886237FB7A53451389E0203
prion1nvd1cve1cvelist1