CVE-2019-4203

critical

Description

IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal can be exploited by app developers to download arbitrary files from the host OS and potentially carry out SSRF attacks. IBM X-Force ID: 159124.

References

https://www.ibm.com/support/docview.wss?uid=ibm10880569

https://exchange.xforce.ibmcloud.com/vulnerabilities/159124

http://www.securityfocus.com/bid/107905

Details

Source: Mitre, NVD

Published: 2019-04-15

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00483