Impersonation Vulnerability in IBM API Connect
CVE-2020-4903

4.8MEDIUM

Key Information:

Vendor: IBM
Status: Api Connect
Vendor: CVE Published:; 8 March 2021

Summary

A security vulnerability in IBM API Connect versions V10 and V2018 allows an attacker to exploit intercepted registration invitation links. This flaw could enable the attacker to impersonate legitimate users, potentially leading to unauthorized access and exposure of sensitive information. Proper security measures are essential to prevent such exploits.

Affected Version(s)

API Connect 2018.4.1.0

API Connect 2018.4.1.13

API Connect 10.0.0.0

References

https://www.ibm.com/support/pages/node/6426703

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/191105

vdb-entryx_refsource_XF

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 8, 2021
Vulnerability Reserved
Dec 30, 2019