Vulnerability in IBM API Connect
CVE-2018-1774
IBM API Connect 5.0.0.0, 5.0.8.4, 2018.1 and 2018.3.6 is vulnerable to CSV injection via the developer portal and analytics: a CSV file could contain malicious commands that would be executed once it is opened by an administrator. IBM X-Force ID: 14869…
EPSS: 0.011 (percentile 60.3).
CVSS v3 metric
CVSS v3 base score 8.9 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L.
Affected products
- IBM API Connect: versions 5.0.8.4, 2018.1, 5.0.0.0
- IBM api_connect
Weakness classification (CWE)
References
- psirt@us.ibm.com (x_refsource_CONFIRM, Vendor Advisory)
- psirt@us.ibm.com (VDB Entry, vdb-entry, Vendor Advisory, x_refsource_XF)
Frequently asked questions
- What is CVE-2018-1774?
- CVE-2018-1774 is a high-severity vulnerability in IBM API Connect, classified under Improper Neutralization of Formula Elements in a CSV File. CVSS score: 8.9/10. Published 2018-11-09.
- How severe is CVE-2018-1774?
- High severity. CVSS v3 base score is 8.9 out of 10.