BID:106818

IBM API Connect CVE-2018-1774 Security Bypass Vulnerability

Info

IBM API Connect CVE-2018-1774 Security Bypass Vulnerability

Bugtraq ID:	106818
Class:	Input Validation Error
CVE:	CVE-2018-1774
Remote:	Yes
Local:	No
Published:	Nov 04 2018 12:00AM
Updated:	Nov 04 2018 12:00AM
Credit:	IBM.
Vulnerable:	IBM API Connect 2018.3.6 IBM API Connect 2018.2.5 IBM API Connect 2018.2.3 IBM API Connect 2018.2 IBM API Connect 2018.1 IBM API Connect 5.0.8.4 IBM API Connect 5.0.8.2 IBM API Connect 5.0.8.1 IBM API Connect 5.0.8.0 IBM API Connect 5.0.7.2 IBM API Connect 5.0.7.1 IBM API Connect 5.0.7.0 IBM API Connect 5.0.6.2 IBM API Connect 5.0.6.0 IBM API Connect 5.0.3.0 IBM API Connect 5.0.2.0 IBM API Connect 5.0.1.0 IBM API Connect 5.0.0.1 IBM API Connect 5.0.0.0

Not Vulnerable:

Discussion

IBM API Connect CVE-2018-1774 Security Bypass Vulnerability

IBM API Connect is prone to a security-bypass vulnerability.

Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions.

IBM API Connect 5.0.0.0 through 5.0.8.4 and 2018.1 through 2018.3.6 are vulnerable.

Exploit / POC

IBM API Connect CVE-2018-1774 Security Bypass Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Solution / Fix

IBM API Connect CVE-2018-1774 Security Bypass Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

References

IBM API Connect CVE-2018-1774 Security Bypass Vulnerability

References:

IBM Homepage (IBM)
ibm10737867: IBM API Connect is vulnerable to CSV Injection (IBM)