Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-34350

IBM API Connect 10.0.0.0 through 10.0.5.0, 10.0.1.0 through 10.0.1.7, and 2018.4.1.0 through 2018.4.1.20 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. IBM X-Force ID: 230264.

Published

2023-02-08T20:15:23.793

Last Modified

2024-11-21T07:09:20.333

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

Weaknesses

Type: Primary
CWE-20

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ibm	api_connect	≤ 10.0.5.0	Yes
Application	ibm	api_connect	≤ 10.0.1.7	Yes
Application	ibm	api_connect	≤ 2018.4.1.20	Yes

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/230264 VDB Entry ([email protected])
https://www.ibm.com/support/pages/node/6921243 Patch, Vendor Advisory ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/230264 VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://www.ibm.com/support/pages/node/6921243 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)