8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
IBM API Connect has addressed the following vulnerability.
CVEID:CVE-2020-13671
**DESCRIPTION:**Drupal Core could allow a remote attacker to execute arbitrary code on the system, caused by the failure to properly sanitize certain filenames on uploaded files. By interpreting files as the incorrect extension and served as the wrong MIME type, an attacker could exploit this vulnerability to execute arbitrary PHP code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/191949 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM API Connect | IBM API Connect V5.0.0.0-5.0.8.10 |
IBM API Connect | V10.0.1.0 |
IBM API Connect | V2018.4.1.0-2018.4.1.13 |
Affected Product | Addressed in VRMF | APAR | Remediation/First Fix |
---|
IBM API Connect
V5.0.0.0-5.0.8.10
| 5.0.8.10 iFix | LI81861 |
Addressed in IBM API Connect 5.0.8.10 iFix published on or after Nov 23, 2020.
Developer Portal is impacted.
Follow this link and find the “Portal” package.
http://www.ibm.com/support/fixcentral/swg/quickorder
IBM API Connect
V2018.4.1.0-2018.4.1.13
| 2018.4.1.15|
LI81861
|
Addressed in IBM API Connect V2018.4.1.15.
Developer Portal is impacted.
Follow this link and find the “Portal” package.
http://www.ibm.com/support/fixcentral/swg/quickorder
IBM API Connect
V10.0.0.0-V10.0.1.0
| 10.0.1.1|
LI81861
|
Addressed in IBM API Connect V10.0.1.1
Developer Portal is impacted.
Follow this link and find the “Portal” package.
http://www.ibm.com/support/fixcentral/swg/quickorder
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm api connect | eq | 2018 | |
ibm api connect | eq | 5 | |
ibm api connect | eq | 10 |
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P