Описание
IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. An attacker, using specially crafted input parameters can trick the server into making potentially malicious calls within the trusted network. IBM X-Force ID: 146370.
Ссылки
- VDB EntryVendor Advisory
- Vendor Advisory
- VDB EntryVendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 5.0.0.0 (включая) до 5.0.8.3 (включая)
cpe:2.3:a:ibm:api_connect:*:*:*:*:*:*:*:*
EPSS
Процентиль: 30%
0.00108
Низкий
8.6 High
CVSS3
9.9 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-352
Связанные уязвимости
CVSS3: 9.9
github
больше 3 лет назад
IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. An attacker, using specially crafted input parameters can trick the server into making potentially malicious calls within the trusted network. IBM X-Force ID: 146370.
EPSS
Процентиль: 30%
0.00108
Низкий
8.6 High
CVSS3
9.9 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-352