← back
CVE-2018-1712

CVE-2018-1712

CVSS 8.6 HIGHEPSS 0.7%
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.6EPSS 0.7%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
16 Aug 2018Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. An attacker, using specially crafted input parameters can trick the server into making potentially malicious calls within the trusted network. IBM X-Force ID: 146370.
CVSS:3.0/A:L/AC:L/AV:N/C:H/I:L/PR:N/S:U/UI:N/E:U/RC:C/RL:O
Affected products
IBM · API Connect