Lucene search

IbmCVELIST:CVE-2018-1774

HistoryNov 09, 2018 - 12:00 a.m.

CVE-2018-1774

2018-11-0900:00:00

ibm

www.cve.org

CVSS3

8.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L/E:U/RL:O/RC:C

AI Score

8.6

Confidence

High

EPSS

0.001

Percentile

27.0%

JSON

IBM API Connect 5.0.0.0, 5.0.8.4, 2018.1 and 2018.3.6 is vulnerable to CSV injection via the developer portal and analytics that could contain malicious commands that would be executed once opened by an administrator. IBM X-Force ID: 148692.

CNA Affected

[
  {
    "product": "API Connect",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "5.0.0.0"
      },
      {
        "status": "affected",
        "version": "2018.1"
      },
      {
        "status": "affected",
        "version": "5.0.8.4"
      },
      {
        "status": "affected",
        "version": "2018.3.6"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/148692

www.ibm.com/support/docview.wss?uid=ibm10737867

CVSS3

8.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L/E:U/RL:O/RC:C

AI Score

8.6

Confidence

High

EPSS

0.001

Percentile

27.0%

JSON

Related for CVELIST:CVE-2018-1774