#VU18279 OS Command Injection in IBM API Connect - CVE-2019-4202
Published: April 16, 2019
Vulnerability identifier: #VU18279
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2019-4202
CWE-ID: CWE-78
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
IBM API Connect
Software vendor:
IBM Corporation
Description
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation when processing HTTP requests within the Developer Portal. A remote unauthenticated attacker can send a specially crafted HTTP request to the affected application and execute arbitrary OS commands on the target system. Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Remediation
Install updates from the vendor's website: