Home

CVE-2018-25031

Description

Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. Note: This was originally claimed to be resolved in 4.1.3. However, third parties have indicated this is not resolved in 4.1.3 and even occurs in that version and possibly others.

Risk Information

Base Score
4.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
EPSS Score
Exploitation Probability
82.487

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities are affected in IBM Business Automation Workflow 20.0.0.2Windows
Multiple Vulnerabilities are affected in IBM Cognos Controller 10.4.0Windows
Multiple Vulnerabilities are affected in IBM Cognos Controller 10.4.1Windows
Multiple Vulnerabilities are affected in IBM Cognos Controller 10.4.2Windows
Multiple Vulnerabilities are affected in IBM Business Automation Workflow 18.0.0.1Windows
Multiple Vulnerabilities are affected in IBM Business Automation Workflow 19.0.0.3Windows
Multiple Vulnerabilities are affected in IBM Business Automation Workflow 21.0.2Windows
Multiple Vulnerabilities are affected in IBM Business Automation Workflow 21.0.3Windows
Multiple Vulnerabilities are affected in IBM Business Automation Workflow 22.0.1Windows
Multiple Vulnerabilities are affected in IBM Planning Analytics Local 2.0Windows
Vulnerabilities CVE-2018-25031 are fixed in WebJars - swagger-ui 4.1.3Windows
Vulnerabilities CVE-2018-25031 are fixed in WebJars - swagger-ui for Linux 4.1.3Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234