IBM API Connect up to 5.0.7.2 input validation

A vulnerability was found in IBM API Connect up to 5.0.7.2 (Automation Software). It has been classified as critical. Affected is an unknown part of the component API. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Field	11/19/2019 03:52 PM	01/14/2021 01:05 PM	01/14/2021 01:11 PM
type	Automation Software	Automation Software	Automation Software
vendor	IBM	IBM	IBM
name	API Connect	API Connect	API Connect
version	<=5.0.7.2	<=5.0.7.2	<=5.0.7.2
component	API	API	API
cwe	20 (privilege escalation)	20 (privilege escalation)	20 (privilege escalation)
risk	2	2	2
cvss2_vuldb_basescore	6.0	6.0	6.0
cvss2_vuldb_tempscore	6.0	6.0	6.0
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	M	M	M
cvss2_vuldb_au	S	S	S
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss2_nvd_av	N	N	N
cvss2_nvd_ac	L	L	L
cvss2_nvd_au	S	S	S
cvss2_nvd_ci	N	N	N
cvss2_nvd_ii	P	P	P
cvss2_nvd_ai	N	N	N
cvss3_meta_basescore	5.3	5.3	5.3
cvss3_meta_tempscore	5.3	5.3	5.3
cvss3_vuldb_basescore	6.3	6.3	6.3
cvss3_vuldb_tempscore	6.3	6.3	6.3
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
cvss3_nvd_av	N	N	N
cvss3_nvd_ac	L	L	L
cvss3_nvd_pr	L	L	L
cvss3_nvd_ui	N	N	N
cvss3_nvd_s	U	U	U
cvss3_nvd_c	N	N	N
cvss3_nvd_i	L	L	L
cvss3_nvd_a	N	N	N
date	1506297600 (09/25/2017)	1506297600 (09/25/2017)	1506297600 (09/25/2017)
url	http://www.ibm.com/support/docview.wss?uid=swg22008588	http://www.ibm.com/support/docview.wss?uid=swg22008588	http://www.ibm.com/support/docview.wss?uid=swg22008588
price_0day	$5k-$25k	$5k-$25k	$5k-$25k
price_trend	+	+	+
cve	CVE-2017-1555	CVE-2017-1555	CVE-2017-1555
cve_assigned	1480464000	1480464000	1480464000
cve_nvd_published	1506297600	1506297600	1506297600
cve_nvd_summary	IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated user to generate an API token when not subscribed to the application plan. IBM X-Force ID: 131545.	IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated user to generate an API token when not subscribed to the application plan. IBM X-Force ID: 131545.	IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated user to generate an API token when not subscribed to the application plan. IBM X-Force ID: 131545.
securityfocus	100973	100973	100973
securityfocus_title	IBM API Connect CVE-2017-1555 Security Bypass Vulnerability	IBM API Connect CVE-2017-1555 Security Bypass Vulnerability	IBM API Connect CVE-2017-1555 Security Bypass Vulnerability
seealso	107123	107123	107123
location	Website	Website	Website
cvss2_vuldb_e	ND	ND	ND
cvss2_vuldb_rl	ND	ND	ND
cvss2_vuldb_rc	ND	ND	ND
cvss3_vuldb_e	X	X	X
cvss3_vuldb_rl	X	X	X
cvss3_vuldb_rc	X	X	X
0day_days	4	4	4
cvss3_nvd_basescore	4.3	4.3	4.3
discoverydate	1505952000	1505952000	1505952000
confirm_url	http://www.ibm.com/support/docview.wss?uid=swg22008588	http://www.ibm.com/support/docview.wss?uid=swg22008588	http://www.ibm.com/support/docview.wss?uid=swg22008588
securityfocus_date	1505952000 (09/21/2017)	1505952000 (09/21/2017)	1505952000 (09/21/2017)
securityfocus_class	Design Error	Design Error	Design Error
xforce		131545	131545
cvss2_nvd_basescore		4.0	4.0
person_name			IBM.

◂ Previous Overview Next ▸

Interested in the pricing of exploits?

See the underground prices here!