VDB-107123 · CVE-2017-1551 · XFDB 131291

IBM API Connect up to 5.0.7.2 input validation

A vulnerability was found in IBM API Connect up to 5.0.7.2 (Automation Software) and classified as critical. This issue affects some unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Field	09/26/2017 09:33 AM	11/19/2019 03:50 PM	01/14/2021 01:01 PM
cve_nvd_published	1506297600	1506297600	1506297600
cve_nvd_summary	IBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 131291.	IBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 131291.	IBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 131291.
seealso	107124	107124	107124
location	Website	Website	Website
cvss2_vuldb_e	ND	ND	ND
cvss2_vuldb_rl	ND	ND	ND
cvss2_vuldb_rc	ND	ND	ND
cvss3_vuldb_e	X	X	X
cvss3_vuldb_rl	X	X	X
cvss3_vuldb_rc	X	X	X
0day_days	4	4	4
cvss3_nvd_basescore	6.1	6.1	6.1
type	Automation Software	Automation Software	Automation Software
vendor	IBM	IBM	IBM
name	API Connect	API Connect	API Connect
version	<=5.0.7.2	<=5.0.7.2	<=5.0.7.2
cwe	20 (privilege escalation)	20 (privilege escalation)	20 (privilege escalation)
risk	1	1	1
historic	0	0	0
cvss2_vuldb_basescore	6.8	6.8	6.8
cvss2_vuldb_tempscore	6.8	6.8	6.8
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	M	M	M
cvss2_vuldb_au	N	N	N
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss2_nvd_av	N	N	N
cvss2_nvd_ac	M	M	M
cvss2_nvd_au	N	N	N
cvss2_nvd_ci	P	P	P
cvss2_nvd_ii	P	P	P
cvss2_nvd_ai	N	N	N
cvss3_meta_basescore	6.2	6.2	6.2
cvss3_meta_tempscore	6.2	6.2	6.2
cvss3_vuldb_basescore	6.3	6.3	6.3
cvss3_vuldb_tempscore	6.3	6.3	6.3
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	N	N	N
cvss3_vuldb_ui	R	R	R
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
cvss3_nvd_av	N	N	N
cvss3_nvd_ac	L	L	L
cvss3_nvd_pr	N	N	N
cvss3_nvd_ui	R	R	R
cvss3_nvd_s	C	C	C
cvss3_nvd_c	L	L	L
cvss3_nvd_i	L	L	L
cvss3_nvd_a	N	N	N
date	1506297600 (09/25/2017)	1506297600 (09/25/2017)	1506297600 (09/25/2017)
url	http://www.ibm.com/support/docview.wss?uid=swg22008372	http://www.ibm.com/support/docview.wss?uid=swg22008372	http://www.ibm.com/support/docview.wss?uid=swg22008372
price_0day	$5k-$25k	$5k-$25k	$5k-$25k
price_trend	+	+	+
cve	CVE-2017-1551	CVE-2017-1551	CVE-2017-1551
cve_assigned	1480464000	1480464000	1480464000
discoverydate		1505952000	1505952000
confirm_url		http://www.ibm.com/support/docview.wss?uid=swg22008372	http://www.ibm.com/support/docview.wss?uid=swg22008372
xforce			131291
cvss2_nvd_basescore			5.8

◂ Previous Overview Next ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!