CVE-2018-1712 Information

Description

IBM API Connect’s Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. An attacker using specially crafted input parameters can trick the server into making potentially malicious calls within the trusted network. IBM X-Force ID: 146370.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L

Reference

https://exchange.xforce.ibmcloud.com/vulnerabilities/146370 https://www-01.ibm.com/support/docview.wss?uid=ibm10716169

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

CHANGED

Integrity Impact

HIGH

Availability Impact

LOW

Base Score

LOW

Base Severity

9.9