IBM API Connect up to 5.0.7.2 input validation


A vulnerability was found in IBM API Connect up to 5.0.7.2 (Automation Software). It has been classified as critical. An unknown part of the API component is affected. No information about possible countermeasures is known. Replacing the affected product with an alternative may be advisable.

| Field | 11/19/2019 03:52 PM | 01/14/2021 01:05 PM | 01/14/2021 01:11 PM |
|---|---|---|---|
| type | Automation Software | Automation Software | Automation Software |
| vendor | IBM | IBM | IBM |
| name | API Connect | API Connect | API Connect |
| version | <=5.0.7.2 | <=5.0.7.2 | <=5.0.7.2 |
| component | API | API | API |
| cwe | 20 (privilege escalation) | 20 (privilege escalation) | 20 (privilege escalation) |
| risk | 2 | 2 | 2 |
| cvss2_vuldb_basescore | 6.0 | 6.0 | 6.0 |
| cvss2_vuldb_tempscore | 6.0 | 6.0 | 6.0 |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | M | M | M |
| cvss2_vuldb_au | S | S | S |
| cvss2_vuldb_ci | P | P | P |
| cvss2_vuldb_ii | P | P | P |
| cvss2_vuldb_ai | P | P | P |
| cvss2_nvd_av | N | N | N |
| cvss2_nvd_ac | L | L | L |
| cvss2_nvd_au | S | S | S |
| cvss2_nvd_ci | N | N | N |
| cvss2_nvd_ii | P | P | P |
| cvss2_nvd_ai | N | N | N |
| cvss3_meta_basescore | 5.3 | 5.3 | 5.3 |
| cvss3_meta_tempscore | 5.3 | 5.3 | 5.3 |
| cvss3_vuldb_basescore | 6.3 | 6.3 | 6.3 |
| cvss3_vuldb_tempscore | 6.3 | 6.3 | 6.3 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | L | L | L |
| cvss3_vuldb_ui | N | N | N |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | L | L | L |
| cvss3_vuldb_i | L | L | L |
| cvss3_vuldb_a | L | L | L |
| cvss3_nvd_av | N | N | N |
| cvss3_nvd_ac | L | L | L |
| cvss3_nvd_pr | L | L | L |
| cvss3_nvd_ui | N | N | N |
| cvss3_nvd_s | U | U | U |
| cvss3_nvd_c | N | N | N |
| cvss3_nvd_i | L | L | L |
| cvss3_nvd_a | N | N | N |
| date | 1506297600 (09/25/2017) | 1506297600 (09/25/2017) | 1506297600 (09/25/2017) |
| url | http://www.ibm.com/support/docview.wss?uid=swg22008588 | http://www.ibm.com/support/docview.wss?uid=swg22008588 | http://www.ibm.com/support/docview.wss?uid=swg22008588 |
| price_0day | $5k-$25k | $5k-$25k | $5k-$25k |
| price_trend | + | + | + |
| cve | CVE-2017-1555 | CVE-2017-1555 | CVE-2017-1555 |
| cve_assigned | 1480464000 | 1480464000 | 1480464000 |
| cve_nvd_published | 1506297600 | 1506297600 | 1506297600 |
| cve_nvd_summary | IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated user to generate an API token when not subscribed to the application plan. IBM X-Force ID: 131545. | IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated user to generate an API token when not subscribed to the application plan. IBM X-Force ID: 131545. | IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated user to generate an API token when not subscribed to the application plan. IBM X-Force ID: 131545. |
| securityfocus | 100973 | 100973 | 100973 |
| securityfocus_title | IBM API Connect CVE-2017-1555 Security Bypass Vulnerability | IBM API Connect CVE-2017-1555 Security Bypass Vulnerability | IBM API Connect CVE-2017-1555 Security Bypass Vulnerability |
| seealso | 107123 | 107123 | 107123 |
| location | Website | Website | Website |
| cvss2_vuldb_e | ND | ND | ND |
| cvss2_vuldb_rl | ND | ND | ND |
| cvss2_vuldb_rc | ND | ND | ND |
| cvss3_vuldb_e | X | X | X |
| cvss3_vuldb_rl | X | X | X |
| cvss3_vuldb_rc | X | X | X |
| 0day_days | 4 | 4 | 4 |
| cvss3_nvd_basescore | 4.3 | 4.3 | 4.3 |
| discoverydate | 1505952000 | 1505952000 | 1505952000 |
| confirm_url | http://www.ibm.com/support/docview.wss?uid=swg22008588 | http://www.ibm.com/support/docview.wss?uid=swg22008588 | http://www.ibm.com/support/docview.wss?uid=swg22008588 |
| securityfocus_date | 1505952000 (09/21/2017) | 1505952000 (09/21/2017) | 1505952000 (09/21/2017) |
| securityfocus_class | Design Error | Design Error | Design Error |
| xforce | | 131545 | 131545 |
| cvss2_nvd_basescore | | 4.0 | 4.0 |
| person_name | | | IBM. |
