CVE-2021-20440

Name of the Vulnerable Software and Affected Versions: IBM API Connect versions 10.0.0.0, and 2018.4.1.0 through 2018.4.1.13

Description: The issue allows an attacker who is a valid user in the user registry used by API Manager to register themselves as a member of an API provider organization using a stolen invitation link, as the system does not restrict member registration to the intended recipient.

Recommendations: For versions 10.0.0.0, and 2018.4.1.0 through 2018.4.1.13, consider restricting access to the member registration process to prevent unauthorized registrations until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.