IBM API Connect up to 10.0.1.0/2018.4.1.13 Web UI cross site scripting


A vulnerability classified as problematic was found in IBM API Connect up to 10.0.1.0/2018.4.1.13 (Automation Software). It affects an unknown functionality of the Web UI component. No information about possible countermeasures is known. It may be advisable to replace the affected product with an alternative.

| Field | 02/05/2021 08:21 AM | 02/23/2021 03:35 PM |
|---|---|---|
| vendor | IBM | IBM |
| name | API Connect | API Connect |
| version | <=10.0.1.0/2018.4.1.13 | <=10.0.1.0/2018.4.1.13 |
| component | Web UI | Web UI |
| cwe | 79 (cross site scripting) | 79 (cross site scripting) |
| risk | 1 | 1 |
| cvss3_vuldb_av | N | N |
| cvss3_vuldb_ac | L | L |
| cvss3_vuldb_pr | L | L |
| cvss3_vuldb_ui | R | R |
| cvss3_vuldb_s | U | U |
| cvss3_vuldb_c | N | N |
| cvss3_vuldb_i | L | L |
| cvss3_vuldb_a | N | N |
| cvss3_vuldb_rc | C | C |
| url | https://www.ibm.com/support/pages/node/6410506 | https://www.ibm.com/support/pages/node/6410506 |
| cve | CVE-2020-4825 | CVE-2020-4825 |
| xforce | 189839 | 189839 |
| date | 1612479600 (02/05/2021) | 1612479600 (02/05/2021) |
| type | Automation Software | Automation Software |
| cvss2_vuldb_av | N | N |
| cvss2_vuldb_ac | L | L |
| cvss2_vuldb_ci | N | N |
| cvss2_vuldb_ii | P | P |
| cvss2_vuldb_ai | N | N |
| cvss2_vuldb_rc | C | C |
| cvss2_vuldb_au | S | S |
| cvss2_vuldb_e | ND | ND |
| cvss2_vuldb_rl | ND | ND |
| cvss3_vuldb_e | X | X |
| cvss3_vuldb_rl | X | X |
| cvss2_vuldb_basescore | 4.0 | 4.0 |
| cvss2_vuldb_tempscore | 4.0 | 4.0 |
| cvss3_vuldb_basescore | 3.5 | 3.5 |
| cvss3_vuldb_tempscore | 3.5 | 3.5 |
| cvss3_meta_basescore | 3.5 | 3.5 |
| cvss3_meta_tempscore | 3.5 | 3.5 |
| price_0day | $0-$5k | $0-$5k |
| price_trend | + | + |

cve_assigned: 1577660400
cve_nvd_summary: IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 189839.
confirm_url: https://www.ibm.com/support/pages/node/6410506
