Description
IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. An attacker, using specially crafted input parameters can trick the server into making potentially malicious calls within the trusted network. IBM X-Force ID: 146370.
CVSS breakdown
CVSS 3.0
Availability
Low
Attack Complexity
Low
Attack Vector
Network
Confidentiality
High
Integrity
Low
Privileges Required
None
Scope
Unchanged
User Interaction
None
E
Unchanged
RC
Changed
RL
O
Affected products
- ibm / api_connect5.0.1.0 – 5.0.1.0
- ibm / api_connect5.0.0.0 – 5.0.0.0
- ibm / api_connect5.0.0.1 – 5.0.0.1
- ibm / api_connect5.0.2.0 – 5.0.2.0
- ibm / api_connect5.0.5.0 – 5.0.5.0
- ibm / api_connect5.0.6.0 – 5.0.6.0
- ibm / api_connect5.0.6.1 – 5.0.6.1
- ibm / api_connect5.0.6.2 – 5.0.6.2
- ibm / api_connect5.0.7.0 – 5.0.7.0
- ibm / api_connect5.0.7.1 – 5.0.7.1
- ibm / api_connect5.0.3.0 – 5.0.3.0
- ibm / api_connect5.0.4.0 – 5.0.4.0
- ibm / api_connect5.0.7.2 – 5.0.7.2
- ibm / api_connect5.0.6.3 – 5.0.6.3
- ibm / api_connect5.0.6.4 – 5.0.6.4
- ibm / api_connect5.0.8.0 – 5.0.8.0
- ibm / api_connect5.0.8.1 – 5.0.8.1
- ibm / api_connect5.0.6.5 – 5.0.6.5
- ibm / api_connect5.0.6.6 – 5.0.6.6
- ibm / api_connect5.0.8.2 – 5.0.8.2
- ibm / api_connect5.0.8.3 – 5.0.8.3