PT-2018-14187 · Ibm · Ibm Api Connect
Publicado
2018-11-09
·
Atualizado
2020-08-24
·
CVE-2018-1774
CVSS v3.1
7.8
Alta
| Vetor | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
IBM API Connect versions 5.0.0.0 through 5.0.8.4
IBM API Connect version 2018.1
IBM API Connect version 2018.3.6
Description
The issue allows for CSV injection via the developer portal and analytics, potentially containing malicious commands that would be executed once opened by an administrator.
Recommendations
For IBM API Connect versions 5.0.0.0 through 5.0.8.4, update to a version that fixes the CSV injection issue.
For IBM API Connect version 2018.1, update to a version that fixes the CSV injection issue.
For IBM API Connect version 2018.3.6, update to a version that fixes the CSV injection issue.
As a temporary workaround, consider restricting access to the developer portal and analytics to minimize the risk of exploitation.
Correção
RCE
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Ibm Api Connect