admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-07 21:47:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2018-08-16 15:05:15 -04:00
parent 058ce5aaf0
commit 6b47f0314f
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
1 changed files with 52 additions and 54 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

106
2018/1xxx/CVE-2018-1712.json
View File

@ -1,63 +1,18 @@
{
"CVE_data_meta" : {
"DATE_PUBLIC" : "2018-08-15T00:00:00",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2018-1712"
},
"references" : {
"reference_data" : [
{
"url" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10716169",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 0716169",
"name" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10716169"
},
{
"name" : "ibm-api-cve20181712-ssrf (146370)",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/146370",
"refsource" : "XF"
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. An attacker, using specially crafted input parameters can trick the server into making potentially malicious calls within the trusted network. IBM X-Force ID: 146370.",
"lang" : "eng"
}
]
},
"data_version" : "4.0",
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
},
"BM" : {
"I" : "L",
"S" : "U",
"C" : "H",
"AC" : "L",
"UI" : "N",
"PR" : "N",
"AV" : "N",
"SCORE" : "8.600",
"A" : "L"
}
}
"DATE_PUBLIC" : "2018-08-15T00:00:00",
"ID" : "CVE-2018-1712",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "API Connect",
"version" : {
"version_data" : [
{
@ -124,15 +79,46 @@
"version_value" : "5.0.8.3"
}
]
},
"product_name" : "API Connect"
}
}
]
}
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. An attacker, using specially crafted input parameters can trick the server into making potentially malicious calls within the trusted network. IBM X-Force ID: 146370."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "L",
"AC" : "L",
"AV" : "N",
"C" : "H",
"I" : "L",
"PR" : "N",
"S" : "U",
"SCORE" : "8.600",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
@ -145,6 +131,18 @@
}
]
},
"data_type" : "CVE",
"data_format" : "MITRE"
"references" : {
"reference_data" : [
{
"name" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10716169",
"refsource" : "CONFIRM",
"url" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10716169"
},
{
"name" : "ibm-api-cve20181712-ssrf(146370)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/146370"
}
]
}
}