CVE-2019-4203

Name of the Vulnerable Software and Affected Versions IBM API Connect versions 5.0.0.0 through 5.0.8.6

Description The issue allows app developers to exploit the Developer Portal and download arbitrary files from the host OS, potentially carrying out Server-Side Request Forgery (SSRF) attacks. SSRF attacks involve tricking a server into making requests to unintended locations, which can lead to unauthorized access to sensitive data or systems.

Recommendations For IBM API Connect versions 5.0.0.0 through 5.0.8.6, consider restricting access to the Developer Portal to minimize the risk of exploitation until a fix is available. As a temporary workaround, restrict the ability of app developers to download arbitrary files from the host OS. At the moment, there is no information about a newer version that contains a fix for this vulnerability.