IBM API Connect up to 5.0.7.2 input validation

entryeditHistoryDiffjsonxmlCTI

A vulnerability was found in IBM API Connect up to 5.0.7.2 (Automation Software) and classified as critical. This issue affects some unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Field09/26/2017 09:33 AM11/19/2019 03:50 PM01/14/2021 01:01 PM
cve_nvd_published150629760015062976001506297600
cve_nvd_summaryIBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 131291.IBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 131291.IBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 131291.
seealso107124107124107124
locationWebsiteWebsiteWebsite
cvss2_vuldb_eNDNDND
cvss2_vuldb_rlNDNDND
cvss2_vuldb_rcNDNDND
cvss3_vuldb_eXXX
cvss3_vuldb_rlXXX
cvss3_vuldb_rcXXX
0day_days444
cvss3_nvd_basescore6.16.16.1
typeAutomation SoftwareAutomation SoftwareAutomation Software
vendorIBMIBMIBM
nameAPI ConnectAPI ConnectAPI Connect
version<=5.0.7.2<=5.0.7.2<=5.0.7.2
cwe20 (privilege escalation)20 (privilege escalation)20 (privilege escalation)
risk111
historic000
cvss2_vuldb_basescore6.86.86.8
cvss2_vuldb_tempscore6.86.86.8
cvss2_vuldb_avNNN
cvss2_vuldb_acMMM
cvss2_vuldb_auNNN
cvss2_vuldb_ciPPP
cvss2_vuldb_iiPPP
cvss2_vuldb_aiPPP
cvss2_nvd_avNNN
cvss2_nvd_acMMM
cvss2_nvd_auNNN
cvss2_nvd_ciPPP
cvss2_nvd_iiPPP
cvss2_nvd_aiNNN
cvss3_meta_basescore6.26.26.2
cvss3_meta_tempscore6.26.26.2
cvss3_vuldb_basescore6.36.36.3
cvss3_vuldb_tempscore6.36.36.3
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_prNNN
cvss3_vuldb_uiRRR
cvss3_vuldb_sUUU
cvss3_vuldb_cLLL
cvss3_vuldb_iLLL
cvss3_vuldb_aLLL
cvss3_nvd_avNNN
cvss3_nvd_acLLL
cvss3_nvd_prNNN
cvss3_nvd_uiRRR
cvss3_nvd_sCCC
cvss3_nvd_cLLL
cvss3_nvd_iLLL
cvss3_nvd_aNNN
date1506297600 (09/25/2017)1506297600 (09/25/2017)1506297600 (09/25/2017)
urlhttp://www.ibm.com/support/docview.wss?uid=swg22008372http://www.ibm.com/support/docview.wss?uid=swg22008372http://www.ibm.com/support/docview.wss?uid=swg22008372
price_0day$5k-$25k$5k-$25k$5k-$25k
price_trend+++
cveCVE-2017-1551CVE-2017-1551CVE-2017-1551
cve_assigned148046400014804640001480464000
discoverydate15059520001505952000
confirm_urlhttp://www.ibm.com/support/docview.wss?uid=swg22008372http://www.ibm.com/support/docview.wss?uid=swg22008372
xforce131291
cvss2_nvd_basescore5.8

Do you want to use VulDB in your project?

Use the official API to access entries easily!