IBM API Connect up to 10.0.1.0/2018.4.1.13 URL Fragment information disclosure

A vulnerability has been found in IBM API Connect up to 10.0.1.0/2018.4.1.13 (Automation Software) and classified as problematic. This vulnerability affects an unknown function of the component URL Fragment Handler.

Field	02/05/2021 08:20 AM	02/23/2021 03:28 PM
vendor	IBM	IBM
name	API Connect	API Connect
version	<=10.0.1.0/2018.4.1.13	<=10.0.1.0/2018.4.1.13
component	URL Fragment Handler	URL Fragment Handler
cwe	200 (information disclosure)	200 (information disclosure)
risk	1	1
cvss3_vuldb_av	A	A
cvss3_vuldb_ac	L	L
cvss3_vuldb_pr	L	L
cvss3_vuldb_ui	R	R
cvss3_vuldb_s	U	U
cvss3_vuldb_c	L	L
cvss3_vuldb_i	N	N
cvss3_vuldb_a	N	N
cvss3_vuldb_rl	O	O
cvss3_vuldb_rc	C	C
url	https://www.ibm.com/support/pages/node/6410486	https://www.ibm.com/support/pages/node/6410486
cve	CVE-2020-4640	CVE-2020-4640
xforce	185510	185510
date	1612479600 (02/05/2021)	1612479600 (02/05/2021)
type	Automation Software	Automation Software
cvss2_vuldb_av	A	A
cvss2_vuldb_ac	L	L
cvss2_vuldb_ci	P	P
cvss2_vuldb_ii	N	N
cvss2_vuldb_ai	N	N
cvss2_vuldb_rc	C	C
cvss2_vuldb_rl	OF	OF
cvss2_vuldb_au	S	S
cvss2_vuldb_e	ND	ND
cvss3_vuldb_e	X	X
cvss2_vuldb_basescore	2.7	2.7
cvss2_vuldb_tempscore	2.7	2.3
cvss3_vuldb_basescore	3.0	3.0
cvss3_vuldb_tempscore	3.0	2.9
cvss3_meta_basescore	3.0	3.0
cvss3_meta_tempscore	3.0	2.9
price_0day	$0-$5k	$0-$5k
price_trend	+	+
cve_assigned		1577660400
cve_nvd_summary		Certain IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 configurations can result in sensitive information in the URL fragment identifiers. This information can be cached in the intermediate nodes like proxy servers, cdn, logging platforms, etc. An attacker can make use of this information to perform attacks by impersonating a user. IBM X-Force ID: 185510.
confirm_url		https://www.ibm.com/support/pages/node/6410486

Want to stay up to date on a daily basis?

Enable the mail alert feature now!