CVE-2017-1328

MEDIUM

IBM API Connect 5.0.0.0-5.0.6.0 - Auth Bypass

Title source: llm

Description

IBM API Connect 5.0.0.0 - 5.0.6.0 could allow a remote attacker to bypass security restrictions of the api, caused by improper handling of security policy. By crafting a suitable request, an attacker could exploit this vulnerability to bypass security and use the vulnerable API. IBM X-Force ID: 126230.

References (3)

[Patch, Vendor Advisory] http://www.ibm.com/support/docview.wss?uid=swg22003867

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/99267

[Vendor Advisory] https://exchange.xforce.ibmcloud.com/vulnerabilities/126230

Scores

CVSS v3 5.3

EPSS 0.0027

EPSS Percentile 50.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Details

Status published

Products (17)

ibm/api_connect

... and 7 more

Published Jun 27, 2017

Tracked Since Feb 18, 2026