CVE-2018-1712
HIGHIBM API Connect 5.0.0.0-5.0.8.3 - Server-Side Request Forgery
Title source: llmDescription
IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. An attacker, using specially crafted input parameters can trick the server into making potentially malicious calls within the trusted network. IBM X-Force ID: 146370.
References (2)
Core 2
Core References
VDB Entry, Vendor Advisory vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/146370
Vendor Advisory x_refsource_confirm
https://www-01.ibm.com/support/docview.wss?uid=ibm10716169
Scores
CVSS v3
8.6
EPSS
0.0071
EPSS Percentile
49.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Details
CWE
CWE-352
Status
published
Products (1)
ibm/api_connect
5.0.0.0 - 5.0.8.3
Published
Aug 16, 2018
Tracked Since
Feb 18, 2026