IBM API Connect up to 10.0.1.0/2018.4.1.13 URL Fragment information disclosure


A vulnerability has been found in IBM API Connect up to 10.0.1.0/2018.4.1.13 (Automation Software) and classified as problematic. This vulnerability affects an unknown function of the component URL Fragment Handler.

Field                  | 02/05/2021 08:20 AM                                | 02/23/2021 03:28 PM
-----------------------|----------------------------------------------------|----------------------------------------------------
vendor                 | IBM                                                | IBM
name                   | API Connect                                        | API Connect
version                | <=10.0.1.0/2018.4.1.13                             | <=10.0.1.0/2018.4.1.13
component              | URL Fragment Handler                               | URL Fragment Handler
cwe                    | 200 (information disclosure)                       | 200 (information disclosure)
risk                   | 1                                                  | 1
cvss3_vuldb_av         | A                                                  | A
cvss3_vuldb_ac         | L                                                  | L
cvss3_vuldb_pr         | L                                                  | L
cvss3_vuldb_ui         | R                                                  | R
cvss3_vuldb_s          | U                                                  | U
cvss3_vuldb_c          | L                                                  | L
cvss3_vuldb_i          | N                                                  | N
cvss3_vuldb_a          | N                                                  | N
cvss3_vuldb_rl         | O                                                  | O
cvss3_vuldb_rc         | C                                                  | C
url                    | https://www.ibm.com/support/pages/node/6410486     | https://www.ibm.com/support/pages/node/6410486
cve                    | CVE-2020-4640                                      | CVE-2020-4640
xforce                 | 185510                                             | 185510
date                   | 1612479600 (02/05/2021)                            | 1612479600 (02/05/2021)
type                   | Automation Software                                | Automation Software
cvss2_vuldb_av         | A                                                  | A
cvss2_vuldb_ac         | L                                                  | L
cvss2_vuldb_ci         | P                                                  | P
cvss2_vuldb_ii         | N                                                  | N
cvss2_vuldb_ai         | N                                                  | N
cvss2_vuldb_rc         | C                                                  | C
cvss2_vuldb_rl         | OF                                                 | OF
cvss2_vuldb_au         | S                                                  | S
cvss2_vuldb_e          | ND                                                 | ND
cvss3_vuldb_e          | X                                                  | X
cvss2_vuldb_basescore  | 2.7                                                | 2.7
cvss2_vuldb_tempscore  | 2.7                                                | 2.3
cvss3_vuldb_basescore  | 3.0                                                | 3.0
cvss3_vuldb_tempscore  | 3.0                                                | 2.9
cvss3_meta_basescore   | 3.0                                                | 3.0
cvss3_meta_tempscore   | 3.0                                                | 2.9
price_0day             | $0-$5k                                             | $0-$5k
price_trend            | +                                                  | +

Fields recorded with a single value:

cve_assigned: 1577660400
cve_nvd_summary: Certain IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 configurations can result in sensitive information in the URL fragment identifiers. This information can be cached in the intermediate nodes like proxy servers, cdn, logging platforms, etc. An attacker can make use of this information to perform attacks by impersonating a user. IBM X-Force ID: 185510.
confirm_url: https://www.ibm.com/support/pages/node/6410486
