Unrated severity · NVD Advisory · Published Dec 20, 2018 · Updated Sep 17, 2024
CVE-2018-1778
Description
IBM LoopBack (IBM API Connect 2018.1, 2018.4.1, 5.0.8.0, and 5.0.8.4) could allow an attacker to bypass authentication if the AccessToken Model is exposed over a REST API. It is then possible for anyone to create an AccessToken for any User, provided they know the userId, and hence gain access to the other user's data and privileges (for example, if the user happens to be an Admin). IBM X-Force ID: 148801.
Affected products
- Range: 5.0.8.0
References
- www.ibm.com/support/docview.wss (mitre, x_refsource_CONFIRM)
- www.securityfocus.com/bid/106313 (mitre, vdb-entry, x_refsource_BID)
- exchange.xforce.ibmcloud.com/vulnerabilities/148801 (mitre, vdb-entry, x_refsource_XF)