CVE-2018-1973
First published: Thu Dec 20 2018(Updated: )
IBM API Connect 5.0.0.0 through 5.0.8.4 allows a user with limited 'API Administrator level access to give themselves full 'Administrator' level access through the members functionality. IBM X-Force ID: 153914.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM API Connect | >=5.0.0.0<=5.0.8.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-1973?
The severity of CVE-2018-1973 is classified as high due to the potential for an API administrator to escalate privileges.
How do I fix CVE-2018-1973?
To fix CVE-2018-1973, update IBM API Connect to a version later than 5.0.8.4.
What versions of IBM API Connect are affected by CVE-2018-1973?
IBM API Connect versions from 5.0.0.0 to 5.0.8.4 are affected by CVE-2018-1973.
What kind of access can be gained through CVE-2018-1973?
CVE-2018-1973 allows a user with limited API Administrator access to elevate themselves to full Administrator access.
Who reported CVE-2018-1973?
CVE-2018-1973 was reported by IBM X-Force as vulnerability ID 153914.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/weakness
- agent/severity
- agent/author
- agent/references
- agent/remedy
- agent/tags
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- vendor/ibm
- canonical/ibm api connect
- version/ibm api connect/5.0.0.0
- version/ibm api connect/5.0.8.4