CVE-2020-4640

3.4LOW

Key Information:

Vendor: IBM
Status: Api Connect
Vendor: CVE Published:; 4 February 2021

Summary

Certain IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 configurations can result in sensitive information in the URL fragment identifiers. This information can be cached in the intermediate nodes like proxy servers, cdn, logging platforms, etc. An attacker can make use of this information to perform attacks by impersonating a user. IBM X-Force ID: 185510.

Affected Version(s)

API Connect 2018.4.1.0

API Connect 2018.4.1.13

API Connect 10.0.0.0

References

https://www.ibm.com/support/pages/node/6410486

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/185510

vdb-entryx_refsource_XF

CVSS V3.1

Score:

3.4

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 4, 2021
Vulnerability Reserved
Dec 30, 2019