Vulnerability Description
IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal can be exploited by app developers to download arbitrary files from the host OS and potentially carry out SSRF attacks. IBM X-Force ID: 159124.
CVSS Score
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Api Connect | >= 5.0.0.0, <= 5.0.8.6 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/107905Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/159124VDB EntryVendor Advisory
- https://www.ibm.com/support/docview.wss?uid=ibm10880569Vendor Advisory
- http://www.securityfocus.com/bid/107905Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/159124VDB EntryVendor Advisory
- https://www.ibm.com/support/docview.wss?uid=ibm10880569Vendor Advisory
FAQ
What is CVE-2019-4203?
CVE-2019-4203 is a vulnerability with a CVSS score of 9.8 (CRITICAL). IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal can be exploited by app developers to download arbitrary files from the host OS and potentially carry out SSRF attacks. IBM X-Force ID: 159124.
How severe is CVE-2019-4203?
CVE-2019-4203 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-4203?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Api Connect.