Privilege Escalation in IBM API Connect's API Manager
CVE-2020-4638

7.2HIGH

Key Information:

Vendor: IBM
Status: Api Connect
Vendor: CVE Published:; 3 September 2020

What is CVE-2020-4638?

IBM API Connect's API Manager versions 2018.4.1.0 through 2018.4.1.12 are susceptible to a vulnerability that allows an invitee to an API Provider organization to escalate their privileges by manipulating the invitation link. This flaw can potentially lead to unauthorized actions and heightened access within the API Manager, raising significant security concerns for organizations utilizing this software.

Affected Version(s)

API Connect 2018.4.1.0

API Connect 2018.4.12

References

https://www.ibm.com/support/pages/node/6324751

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/185508

vdb-entryx_refsource_XF

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 3, 2020
Vulnerability Reserved
Dec 30, 2019