- Description
- IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. An attacker, using specially crafted input parameters can trick the server into making potentially malicious calls within the trusted network. IBM X-Force ID: 146370.
- Source
- psirt@us.ibm.com
- NVD status
- Modified
CVSS 3.0
- Type
- Primary
- Base score
- 9.9
- Impact score
- 5.3
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
- nvd@nist.gov
- CWE-352
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:api_connect:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6C687196-D8CA-4070-8598-557588E47663",
"versionEndIncluding": "5.0.8.3",
"versionStartIncluding": "5.0.0.0"
}
],
"operator": "OR"
}
]
}
]