Cross-Site Scripting in IBM API Connect
CVE-2020-4707

5.4MEDIUM

Key Information:

Vendor

IBM
Status
Api Connect
Vendor
CVE Published:
4 August 2021

What is CVE-2020-4707?

IBM API Connect versions from 5.0.0.0 to 5.0.8.11 are susceptible to a cross-site scripting vulnerability that may permit users to inject arbitrary JavaScript code through the Web UI. This security flaw can alter the intended functionalities of the application and puts user credentials at risk of exposure during a trusted session. Organizations using affected versions should apply patches or mitigations to safeguard against potential exploitation.

Affected Version(s)

API Connect 5.0.0.0

API Connect 5.0.8.11

References

https://www.ibm.com/support/pages/node/6477840
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/187370
vdb-entryx_refsource_XF

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.