PT-2018-14187 · Ibm · Ibm Api Connect
Published
2018-11-09
·
Updated
2020-08-24
·
CVE-2018-1774
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
IBM API Connect versions 5.0.0.0 through 5.0.8.4
IBM API Connect version 2018.1
IBM API Connect version 2018.3.6
Description
The issue allows for CSV injection via the developer portal and analytics, potentially containing malicious commands that would be executed once opened by an administrator.
Recommendations
For IBM API Connect versions 5.0.0.0 through 5.0.8.4, update to a version that fixes the CSV injection issue.
For IBM API Connect version 2018.1, update to a version that fixes the CSV injection issue.
For IBM API Connect version 2018.3.6, update to a version that fixes the CSV injection issue.
As a temporary workaround, consider restricting access to the developer portal and analytics to minimize the risk of exploitation.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Api Connect