Web Cache Poisoning Vulnerability in IBM API Connect
CVE-2020-4828

6.5MEDIUM

Key Information:

Vendor: IBM
Status: Api Connect
Vendor: CVE Published:; 4 February 2021

Summary

IBM API Connect versions between 10.0.0.0 and 10.0.1.0, and several releases within the 2018.4.1.x range, are susceptible to web cache poisoning due to inadequate input validation within HTTP request headers. Attackers may exploit this flaw to manipulate cached responses, potentially leading to unauthorized data exposure or user redirection. Organizations using these versions of IBM API Connect should promptly address this vulnerability to safeguard their applications and user data.

Affected Version(s)

API Connect 2018.4.1.0

API Connect 2018.4.1.13

API Connect 10.0.0.0

References

https://www.ibm.com/support/pages/node/6410498

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/189842

vdb-entryx_refsource_XF

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 4, 2021
Vulnerability Reserved
Dec 30, 2019