Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMB2EE5628DED7DE60E7700A8D419A659D185DABB68D091EC74E893AB43F16F5F4
HistoryJan 02, 2019 - 8:00 p.m.

Security Bulletin: IBM API Connect V5 is vulnerable to horizontal privilege escalation (CVE-2018-1859)

2019-01-0220:00:01
www.ibm.com
10

EPSS

0.001

Percentile

35.9%

JSON

Summary

IBM API Connect has addressed the following vulnerability.

Vulnerability Details

CVEID:CVE-2018-1859
**DESCRIPTION:*IBM API Connect V5 could allow a user authenticated as an administrator with limited rights to escalate their privileges.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151258&gt; for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L)

Affected Products and Versions

Affected IBM API Management Affected Versions
IBM API Connect 5.0.0.0-5.0.8.4

Remediation/Fixes

Product VRMF APAR Remediation / First Fix
IBM API Connect V5.0.8.0 - 5.0.8.4 5.0.8.5 LI80499

Addressed in IBM API Connect V5.0.8.5 fixpack.

Follow this link and find the APIConnect_Management package.

http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+API+Connect&release=5.0.8.4&platform=All&function=all&source=fc

Workarounds and Mitigations

None

Related

nvd 1
cve 1
cvelist 1
prion 1
nvd
nvd
CVE-2018-1859
2019-01-04 15:29:00
cve
cve
CVE-2018-1859
2019-01-04 15:29:00
cvelist
cvelist
CVE-2018-1859
2019-01-04 15:00:00
prion
prion
Code injection
2019-01-04 15:29:00

EPSS

0.001

Percentile

35.9%

JSON
Related for B2EE5628DED7DE60E7700A8D419A659D185DABB68D091EC74E893AB43F16F5F4
nvd1cve1cvelist1prion1