CVE-2018-1932

MEDIUM EXPLOITED IN THE WILD RANSOMWARE

IBM API Connect <5.0.8.4 - Info Disclosure

Title source: llm

Description

IBM API Connect 5.0.0.0 through 5.0.8.4 is affected by a vulnerability in the role-based access control in the management server that could allow an authenticated user to obtain highly sensitive information. IBM X-Force ID: 153175.

Exploits (1)

nomisec WORKING POC 2 stars

by BKreisel · poc

https://github.com/BKreisel/CVE-2018-1932X

View Code ZIP pw:eip

References (3)

[Patch, Vendor Advisory] http://www.ibm.com/support/docview.wss?uid=ibm10793601

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/106486

[VDB Entry, Vendor Advisory] https://exchange.xforce.ibmcloud.com/vulnerabilities/153175

Scores

CVSS v3 4.9

EPSS 0.0547

EPSS Percentile 90.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Details

VulnCheck KEV 2023-02-14

InTheWild.io 2022-05-25

Ransomware Use Confirmed

CWE

CWE-200

Status published

Products (1)

ibm/api_connect 5.0.0.0 - 5.0.8.4

Published Jan 08, 2019

Tracked Since Feb 18, 2026