CVE-2018-1712
CVE-2018-1712
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.6EPSS 0.7%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
16 Aug 2018Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. An attacker, using specially crafted input parameters can trick the server into making potentially malicious calls within the trusted network. IBM X-Force ID: 146370.
CVSS:3.0/A:L/AC:L/AV:N/C:H/I:L/PR:N/S:U/UI:N/E:U/RC:C/RL:O
Affected products
IBM · API Connect