IBM API Connect CVE-2017-1161 Command Execution Vulnerability

IBM API Connect is prone to an arbitrary command-execution vulnerability.

An attacker can exploit this issue to execute arbitrary command on the affected system with the privileges of the www-data user. This may aid in further attacks.

IBM API Connect 5.0 is vulnerable; other versions may also be affected.

Information

Bugtraq ID: 97665
Class: Design Error
CVE: CVE-2017-1161

Remote: Yes
Local: No
Published: Mar 21 2017 12:00AM
Updated: Apr 14 2017 09:05PM
Credit: The vendor reported this issue.
Vulnerable: IBM API Connect 5.0

Not Vulnerable: IBM API Connect 5.0.6.0

References:

• IBM Homepage (IBM)
  
• swg22000316: IBM API Connect Developer Portal is vulnerable to unauthenticated r (IBM)
  

Source: www.securityfocus.com