PT-2020-18178 · IBM · API Connect

Published: 2020-09-03 · Updated: 2021-07-21 · CVE-2020-4638

CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: IBM API Connect's API Manager versions 2018.4.1.0 through 2018.4.1.12

Description: The issue allows an invitee to an API Provider organization to escalate privileges by manipulating the invitation link.

Recommendations: For versions 2018.4.1.0 through 2018.4.1.12, update to a version that contains a fix for this issue to prevent privilege escalation.


Related Identifiers

CVE-2020-4638

Affected Products

API Connect