Cross-Site Scripting Vulnerability in IBM API Connect
CVE-2020-4251

5.4 MEDIUM

Key Information:

Vendor: IBM
CVE Published: 12 June 2020

Summary

IBM API Connect versions 5.0.0.0 through 5.0.8.8 are susceptible to a cross-site scripting flaw that allows an attacker to inject arbitrary JavaScript into the web interface. The injected script could alter the application’s intended functionality and may lead to the unauthorized disclosure of user credentials during a legitimate session. The vulnerability presents significant security risks in environments where trusted sessions are used.

Affected Version(s)

API Connect 5.0.0.0

API Connect 5.0.8.8

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
