CVE-2018-1712

HIGH

IBM API Connect 5.0.0.0-5.0.8.3 - Server-Side Request Forgery

Title source: llm
STIX 2.1

Description

IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. An attacker, using specially crafted input parameters can trick the server into making potentially malicious calls within the trusted network. IBM X-Force ID: 146370.

References (2)

Core 2
Core References
VDB Entry, Vendor Advisory vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/146370

Scores

CVSS v3 8.6
EPSS 0.0071
EPSS Percentile 49.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

Details

CWE
CWE-352
Status published
Products (1)
ibm/api_connect 5.0.0.0 - 5.0.8.3
Published Aug 16, 2018
Tracked Since Feb 18, 2026