CVE-2018-1774
HIGHIBM API Connect <5.0.8.4, 2018.1, 2018.3.6 - Code Injection
Title source: llmDescription
IBM API Connect 5.0.0.0, 5.0.8.4, 2018.1 and 2018.3.6 is vulnerable to CSV injection via the developer portal and analytics that could contain malicious commands that would be executed once opened by an administrator. IBM X-Force ID: 148692.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://www.ibm.com/support/docview.wss?uid=ibm10737867
VDB Entry, Vendor Advisory vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/148692
Scores
CVSS v3
8.9
EPSS
0.0106
EPSS Percentile
60.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L
Details
CWE
CWE-1236
Status
published
Products (1)
ibm/api_connect
5.0.0.0 - 5.0.8.4
Published
Nov 09, 2018
Tracked Since
Feb 18, 2026