Vulnerabilities > CVE-2018-1789 - Server-Side Request Forgery (SSRF) vulnerability in IBM API Connect

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

ibm

CWE-918

NVD

Published: 2018-09-07

Updated: 2019-10-09

Summary

IBM API Connect v2018.1.0 through v2018.3.4 could allow an attacker to send a specially crafted request to conduct a server side request forgery attack. IBM X-Force ID: 148939.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM API Connect 2018.1.0 IBM API Connect 2018.2.1 IBM API Connect 2018.2.2 IBM API Connect 2018.2.3 IBM API Connect 2018.2.4 IBM API Connect 2018.2.5 IBM API Connect 2018.2.6 IBM API Connect 2018.2.7 IBM API Connect 2018.2.8 IBM API Connect 2018.2.9 IBM API Connect 2018.2.10 IBM API Connect 2018.2.11 IBM API Connect 2018.3.1 IBM API Connect 2018.3.2 IBM API Connect 2018.3.3 IBM API Connect 2018.3.4	16

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References