What is CVE-2022-34350?

CVE-2022-34350 is a vulnerability in IBM API Connect that allows for an External Service Interaction attack due to improper validation of user-supplied input.

What is the severity of CVE-2022-34350?

CVE-2022-34350 has a severity rating of 7.5 (high).

How can an attacker exploit CVE-2022-34350?

An attacker can exploit CVE-2022-34350 by leveraging the vulnerability to induce the application to perform external service interactions.

Are there any references for CVE-2022-34350?

Yes, you can find more information about CVE-2022-34350 at the following references: [Link 1](https://exchange.xforce.ibmcloud.com/vulnerabilities/230264), [Link 2](https://www.ibm.com/support/pages/node/6921243).

Vulnerability/
CVE-2022-34350

high

7.5

CWE

1/2/2023

8/2/2023

3/8/2024

CVE-2022-34350: IBM API Connect security bypass

Q: Which versions of IBM API Connect are affected by CVE-2022-34350?

IBM API Connect versions 10.0.0.0 through 10.0.5.0, 10.0.1.0 through 10.0.1.7, and 2018.4.1.0 through 2018.4.1.20 are affected by CVE-2022-34350.

First published: Wed Feb 01 2023(Updated: )

IBM API Connect 10.0.0.0 through 10.0.5.0, 10.0.1.0 through 10.0.1.7, and 2018.4.1.0 through 2018.4.1.20 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. IBM X-Force ID: 230264.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM API Connect	>=10.0.0.0<=10.0.5.0
IBM API Connect	>=10.0.1.0<=10.0.1.7
IBM API Connect	>=2018.4.1.0<=2018.4.1.20
IBM API Connect V10.0.0.0 - V10.0.5.0
IBM API Connect V10.0.1.0 - V10.0.1.7
IBM API Connect V2018.4.1.0 - V2018.4.1.20

Remedy

https://www.ibm.com/support/pages/node/6921243

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-6921243

Frequently Asked Questions

What is CVE-2022-34350?
CVE-2022-34350 is a vulnerability in IBM API Connect that allows for an External Service Interaction attack due to improper validation of user-supplied input.
Which versions of IBM API Connect are affected by CVE-2022-34350?
IBM API Connect versions 10.0.0.0 through 10.0.5.0, 10.0.1.0 through 10.0.1.7, and 2018.4.1.0 through 2018.4.1.20 are affected by CVE-2022-34350.
What is the severity of CVE-2022-34350?
CVE-2022-34350 has a severity rating of 7.5 (high).
How can an attacker exploit CVE-2022-34350?
An attacker can exploit CVE-2022-34350 by leveraging the vulnerability to induce the application to perform external service interactions.
Are there any references for CVE-2022-34350?
Yes, you can find more information about CVE-2022-34350 at the following references: [Link 1](https://exchange.xforce.ibmcloud.com/vulnerabilities/230264), [Link 2](https://www.ibm.com/support/pages/node/6921243).

collector/nvd-index
agent/references
agent/first-publish-date
agent/softwarecombine
agent/type
collector/mitre-cve
source/MITRE
agent/title
agent/remedy
agent/last-modified-date
agent/author
agent/weakness
agent/severity
agent/description
agent/event
agent/tags
collector/ibm-support
source/IBM
agent/software-canonical-lookup
vendor/ibm
canonical/ibm api connect
version/ibm api connect/10.0.0.0
version/ibm api connect/10.0.5.0
version/ibm api connect/10.0.1.0
version/ibm api connect/10.0.1.7
version/ibm api connect/2018.4.1.0
version/ibm api connect/2018.4.1.20
canonical/ibm api connect v10.0.0.0 - v10.0.5.0
version/ibm api connect v10.0.0.0 - v10.0.5.0/undefined
canonical/ibm api connect v10.0.1.0 - v10.0.1.7
version/ibm api connect v10.0.1.0 - v10.0.1.7/undefined
canonical/ibm api connect v2018.4.1.0 - v2018.4.1.20
version/ibm api connect v2018.4.1.0 - v2018.4.1.20/undefined