CVE-2022-34350— IBM API Connect security bypass

CVSS 5.3 · Medium EPSS 0.39% · P60 Updated Mar 25, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-34350

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

IBM API Connect security bypass

Source: NVD (National Vulnerability Database)

Vulnerability Description

IBM API Connect 10.0.0.0 through 10.0.5.0, 10.0.1.0 through 10.0.1.7, and 2018.4.1.0 through 2018.4.1.20 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. IBM X-Force ID: 230264.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

IBM API Connect 输入验证错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

IBM API Connect（APIConnect）是美国国际商业机器（IBM）公司的一套用于管理API生命周期的集成解决方案。该产品支持创建、运行、管理和保护API和微服务等。 IBM API Connect 10.0.0.0版本至10.0.5.0版本、10.0.1.0版本至10.0.1.7版本、2018.4.1.0版本至2018.4.1.20版本存在安全漏洞，该漏洞源于对用户提供的输入验证不当。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
IBM	API Connect	10.0.0.0 ~ 10.0.5.0	-

II. Public POCs for CVE-2022-34350

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2022-34350

请登录查看更多情报信息。

Same Patch Batch · IBM · 2023-02-08 · 7 CVEs total

CVE-2022-42438	7.5 HIGH	IBM Cloud Pak for Multicloud Management Monitoring privilege escalation
CVE-2022-43869	6.5 MEDIUM	IBM Spectrum Scale denial of service
CVE-2022-34362	4.6 MEDIUM	IBM Sterling Secure Proxy HOST header injection
CVE-2023-23475	4.6 MEDIUM	IBM Infosphere Information Server cross-site scripting
CVE-2022-42436	4.0 MEDIUM	IBM MQ information disclosure
CVE-2022-35720	2.3 LOW	IBM Sterling External Authentication Server information disclosure

IV. Related Vulnerabilities

Same product: API Connect

Same vendor: IBM

V. Comments for CVE-2022-34350

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2022-34350— IBM API Connect security bypass

I. Basic Information for CVE-2022-34350

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2022-34350

III. Intelligence Information for CVE-2022-34350

Same Patch Batch · IBM · 2023-02-08 · 7 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2022-34350

Leave a comment