VDB-169207 · CVE-2020-4827 · XFDB 189841

IBM API Connect up to 10.0.1.0/2018.4.1.13 cross-site request forgery

A vulnerability was found in IBM API Connect up to 10.0.1.0/2018.4.1.13 (Automation Software). It has been declared as problematic. Affected by this vulnerability is an unknown part. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Field	02/05/2021 08:22 AM	02/23/2021 03:41 PM
vendor	IBM	IBM
name	API Connect	API Connect
version	<=10.0.1.0/2018.4.1.13	<=10.0.1.0/2018.4.1.13
cwe	352 (cross site request forgery)	352 (cross site request forgery)
risk	1	1
cvss3_vuldb_av	N	N
cvss3_vuldb_ac	L	L
cvss3_vuldb_pr	N	N
cvss3_vuldb_ui	R	R
cvss3_vuldb_s	U	U
cvss3_vuldb_c	N	N
cvss3_vuldb_i	L	L
cvss3_vuldb_a	N	N
cvss3_vuldb_rc	C	C
url	https://www.ibm.com/support/pages/node/6410500	https://www.ibm.com/support/pages/node/6410500
cve	CVE-2020-4827	CVE-2020-4827
xforce	189841	189841
date	1612479600 (02/05/2021)	1612479600 (02/05/2021)
type	Automation Software	Automation Software
cvss2_vuldb_av	N	N
cvss2_vuldb_ac	L	L
cvss2_vuldb_au	N	N
cvss2_vuldb_ci	N	N
cvss2_vuldb_ii	P	P
cvss2_vuldb_ai	N	N
cvss2_vuldb_rc	C	C
cvss2_vuldb_e	ND	ND
cvss2_vuldb_rl	ND	ND
cvss3_vuldb_e	X	X
cvss3_vuldb_rl	X	X
cvss2_vuldb_basescore	5.0	5.0
cvss2_vuldb_tempscore	5.0	5.0
cvss3_vuldb_basescore	4.3	4.3
cvss3_vuldb_tempscore	4.3	4.3
cvss3_meta_basescore	4.3	4.3
cvss3_meta_tempscore	4.3	4.3
price_0day	$5k-$25k	$5k-$25k
price_trend	+	+
cve_assigned		1577660400
cve_nvd_summary		IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 189841.
confirm_url		https://www.ibm.com/support/pages/node/6410500

◂ Previous Overview Next ▸

Do you need the next level of professionalism?

Upgrade your account now!