PT-2018-12249 · Strongloop+1 · Loopback+1

Publicado

2018-04-30

Atualizado

2019-10-03

CVE-2018-1389

CVSS v3.1

6.5

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions IBM API Connect versions 5.0.0.0 through 5.0.8.2

Description The issue allows unauthorized modification of information due to generated LoopBack APIs for a Model using the BelongsTo/HasMany relationship.

Recommendations For versions 5.0.0.0 through 5.0.8.2, consider restricting access to the LoopBack APIs until a fix is available. As a temporary workaround, review and limit the use of BelongsTo/HasMany relationships in Models to minimize the risk of exploitation.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2018-1389

Produtos afetados

Ibm Api Connect

Loopback

PT-2018-12249 · Strongloop+1 · Loopback+1

CVE-2018-1389

Identificadores relacionados

Produtos afetados

Referências · 5