CVE-2018-1774
CVE-2018-1774
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.9EPSS 1.1%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
09 Nov 2018Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
IBM API Connect 5.0.0.0, 5.0.8.4, 2018.1 and 2018.3.6 is vulnerable to CSV injection via the developer portal and analytics that could contain malicious commands that would be executed once opened by an administrator. IBM X-Force ID: 148692.
CVSS:3.0/A:L/AC:L/AV:N/C:H/I:H/PR:L/S:C/UI:R/E:U/RC:C/RL:O
Affected products
IBM · API ConnectWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →