CVE-2018-1774

IBM API Connect 5.0.0.0, 5.0.8.4, 2018.1 and 2018.3.6 is vulnerable to CSV injection via the developer portal and analytics that could contain malicious commands that would be executed once opened by an administrator. IBM X-Force ID: 148692.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.9 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L
ibmCNA
8.9 HIGH
NETWORK
LOW
LOW
CVSS:3.0/A:L/AC:L/AV:N/C:H/I:H/PR:L/S:C/UI:R/E:U/RC:C/RL:O
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 40%
VendorProductVersion
ibmapi_connect
5.0.0.0 ≤
𝑥
≤ 5.0.8.4
ibmapi_connect
2018.1.0 ≤
𝑥
≤ 2018.3.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/148692
https://www.ibm.com/support/docview.wss?uid=ibm10737867
https://exchange.xforce.ibmcloud.com/vulnerabilities/148692
https://www.ibm.com/support/docview.wss?uid=ibm10737867