Description
IBM API Connect 5.0.0.0, 5.0.8.4, 2018.1 and 2018.3.6 is vulnerable to CSV injection via the developer portal and analytics that could contain malicious commands that would be executed once opened by an administrator. IBM X-Force ID: 148692.
CVSS breakdown
CVSS 3.0
Availability
Low
Attack Complexity
Low
Attack Vector
Network
Confidentiality
High
Integrity
High
Privileges Required
Low
Scope
Changed
User Interaction
Required
E
Unchanged
RC
Changed
RL
O
Affected products
- ibm / api_connect5.0.0.0 – 5.0.0.0
- ibm / api_connect2018.1 – 2018.1
- ibm / api_connect5.0.8.4 – 5.0.8.4
- ibm / api_connect2018.3.6 – 2018.3.6