Phishing Vulnerability in IBM API Connect Product
CVE-2020-4337

6.5MEDIUM

Key Information:

Vendor: IBM
Status: Api Connect
Vendor: CVE Published:; 3 September 2020

What is CVE-2020-4337?

A vulnerability in IBM API Connect versions 2018.4.1.0 through 2018.4.1.12 may allow attackers to exploit the software by generating fraudulent user registration emails with malicious URLs, potentially leading to phishing attacks. This flaw highlights the importance of securing API communication and validating email contents to prevent misuse.

Affected Version(s)

API Connect 2018.4.1.0

API Connect 2018.4.1.12

References

https://www.ibm.com/support/pages/node/6324763

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/177933

vdb-entryx_refsource_XF

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 3, 2020
Vulnerability Reserved
Dec 30, 2019