Code Injection Vulnerability in IBM API Connect Affects Multiple Versions
CVE-2021-29772

5.6MEDIUM

Key Information:

Vendor
IBM
Status
Api Connect
Vendor
CVE Published:
26 August 2021

Summary

IBM API Connect versions 5.0.0.0 through 5.0.8.11 contain a vulnerability that allows attackers to potentially exploit unsanitized user input. This could lead to unauthorized code execution, compromising the security of applications utilizing the affected product. Proper input validation should be implemented to mitigate these risks.

Affected Version(s)

API Connect 5.0.0.0

API Connect 5.0.8.11

References

https://www.ibm.com/support/pages/node/6483655
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/202774
vdb-entryx_refsource_XF

CVSS V3.1

Score:
5.6
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.