diff --git a/2018/1xxx/CVE-2018-1712.json b/2018/1xxx/CVE-2018-1712.json index 5c4dc3ff645..faa87f9668a 100644 --- a/2018/1xxx/CVE-2018-1712.json +++ b/2018/1xxx/CVE-2018-1712.json @@ -1,18 +1,150 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-1712", - "STATE" : "RESERVED" + "DATE_PUBLIC" : "2018-08-15T00:00:00", + "STATE" : "PUBLIC", + "ASSIGNER" : "psirt@us.ibm.com", + "ID" : "CVE-2018-1712" + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10716169", + "refsource" : "CONFIRM", + "title" : "IBM Security Bulletin 0716169", + "name" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10716169" + }, + { + "name" : "ibm-api-cve20181712-ssrf (146370)", + "title" : "X-Force Vulnerability Report", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/146370", + "refsource" : "XF" + } + ] }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", "description" : { "description_data" : [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. An attacker, using specially crafted input parameters can trick the server into making potentially malicious calls within the trusted network. IBM X-Force ID: 146370.", + "lang" : "eng" } ] - } + }, + "data_version" : "4.0", + "impact" : { + "cvssv3" : { + "TM" : { + "RC" : "C", + "RL" : "O", + "E" : "U" + }, + "BM" : { + "I" : "L", + "S" : "U", + "C" : "H", + "AC" : "L", + "UI" : "N", + "PR" : "N", + "AV" : "N", + "SCORE" : "8.600", + "A" : "L" + } + } + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "vendor_name" : "IBM", + "product" : { + "product_data" : [ + { + "version" : { + "version_data" : [ + { + "version_value" : "5.0.1.0" + }, + { + "version_value" : "5.0.0.0" + }, + { + "version_value" : "5.0.0.1" + }, + { + "version_value" : "5.0.2.0" + }, + { + "version_value" : "5.0.5.0" + }, + { + "version_value" : "5.0.6.0" + }, + { + "version_value" : "5.0.6.1" + }, + { + "version_value" : "5.0.6.2" + }, + { + "version_value" : "5.0.7.0" + }, + { + "version_value" : "5.0.7.1" + }, + { + "version_value" : "5.0.3.0" + }, + { + "version_value" : "5.0.4.0" + }, + { + "version_value" : "5.0.7.2" + }, + { + "version_value" : "5.0.6.3" + }, + { + "version_value" : "5.0.6.4" + }, + { + "version_value" : "5.0.8.0" + }, + { + "version_value" : "5.0.8.1" + }, + { + "version_value" : "5.0.6.5" + }, + { + "version_value" : "5.0.6.6" + }, + { + "version_value" : "5.0.8.2" + }, + { + "version_value" : "5.0.8.3" + } + ] + }, + "product_name" : "API Connect" + } + ] + } + } + ] + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] + } + ] + }, + "data_type" : "CVE", + "data_format" : "MITRE" }