Cross-Site Scripting in IBM API Connect
CVE-2020-4707

5.4 MEDIUM

Key Information:

Vendor: IBM
CVE Published: 4 August 2021

Summary

IBM API Connect versions 5.0.0.0 through 5.0.8.11 are vulnerable to cross-site scripting that may allow users to inject arbitrary JavaScript code through the Web UI. This flaw can alter the intended functionality of the application and puts user credentials at risk of exposure within a trusted session. Organizations running affected versions should apply patches or mitigations to guard against exploitation.

Affected Version(s)

API Connect 5.0.0.0

API Connect 5.0.8.11

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
