PT-2018-13905 · Ibm · Ibm Api Connect'S Developer Portal

David Azria

Publicado

2018-08-16

Atualizado

2019-10-09

CVE-2018-1712

CVSS v3.1

9.9

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L

Name of the Vulnerable Software and Affected Versions IBM API Connect's Developer Portal versions 5.0.0.0 through 5.0.8.3

Description The issue allows an attacker to trick the server into making potentially malicious calls within the trusted network by using specially crafted input parameters. This can be exploited through Server Side Request Forgery.

Recommendations For versions 5.0.0.0 through 5.0.8.3, update to a version that contains a fix for this issue to prevent Server Side Request Forgery attacks.

Correção

CSRF

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-352

Identificadores relacionados

CVE-2018-1712

Produtos afetados

Ibm Api Connect'S Developer Portal

PT-2018-13905 · Ibm · Ibm Api Connect'S Developer Portal

CVE-2018-1712

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4