
Security Bulletin: IBM API Connect is vulnerable to Server Side Request Forgery (CVE-2018-1789)

2018-09-04 20:56:55
www.ibm.com

EPSS: 0.001 (Percentile: 33.1%)

Summary

IBM API Connect has addressed the following vulnerability:

IBM API Connect is vulnerable to Server Side Request Forgery via a proxy service.

Vulnerability Details

CVEID: CVE-2018-1789
**DESCRIPTION:** IBM API Connect v2018.x could allow an attacker to send a specially crafted request to conduct a server side request forgery attack.
CVSS Base Score: 8.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148939> for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L)

Affected Products and Versions

| Affected API Connect | Affected Versions |
| --- | --- |
| IBM API Connect | 2018.1.0-2018.3.4 |

Remediation/Fixes

| Product | VRMF | APAR | Remediation / First Fix |
| --- | --- | --- | --- |
| IBM API Connect | 2018.3.5 | LI80291 | Addressed in IBM API Connect V2018.3.5. |

Management Server is impacted.

Follow this link and find the "management-images-kubernetes_v2018.3.5" package:

http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+API+Connect&release=2018.3.4&platform=All&function=all&source=fc
