Main Vulnerability Database Vulnerabilities #VU18279

OS Command Injection in IBM API Connect - CVE-2019-4202

Published: April 16, 2019

Vulnerability identifier: #VU18279

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2019-4202

CWE-ID: CWE-78

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: IBM Corporation

Affected software:
IBM API Connect

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation when processing HTTP requests within the Developer Portal. A remote unauthenticated attacker can send a specially crafted HTTP request to the affected aplication and execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

How to mitigate CVE-2019-4202

Install updates from vendor's website:

http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebS...

OS Command Injection in IBM API Connect - CVE-2019-4202

Detailed vulnerability description

How to mitigate CVE-2019-4202

Sources

Please verify you're human