Vulnerability Details : CVE-2018-1712
IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. An attacker using specially crafted input parameters can trick the server into making potentially malicious calls within the trusted network. IBM X-Force ID: 146370.
Vulnerability category: Cross-site request forgery (CSRF), Server-side request forgery (SSRF)
Products affected by CVE-2018-1712
- cpe:2.3:a:ibm:api_connect:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-1712
- 0.11%: Probability of exploitation activity in the next 30 days
- ~26%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-1712
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
9.9 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L | 3.9 | 5.3 | NIST | |
8.6 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L | 3.9 | 4.7 | IBM Corporation | |
CWE ids for CVE-2018-1712
- The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-1712
- https://exchange.xforce.ibmcloud.com/vulnerabilities/146370
  IBM API Connect's Developer Portal server side request forgery CVE-2018-1712 Vulnerability Report (VDB Entry; Vendor Advisory)
- https://www-01.ibm.com/support/docview.wss?uid=ibm10716169
  IBM Security Bulletin: IBM API Connect Developer Portal is vulnerable to Server Side Request Forgery (CVE-2018-1712) (Vendor Advisory)