Sensitive Information Exposure in IBM API Connect Product
CVE-2020-4640
3.4LOW
What is CVE-2020-4640?
Certain configurations of IBM API Connect versions 10.0.0.0 to 10.0.1.0 and 2018.4.1.0 to 2018.4.1.13 may lead to exposure of sensitive information via URL fragment identifiers. This information can be cached by intermediary systems, such as proxy servers and logging platforms, potentially allowing an attacker to impersonate a user and exploit the exposed data for malicious activities.
Affected Version(s)
API Connect 2018.4.1.0
API Connect 2018.4.1.13
API Connect 10.0.0.0