CVE-2020-4638

Severity: 7.2 HIGH
EPSS: 0.5% (top 33.12%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Sep 3
Latest update: May 24

Description

IBM API Connect's API Manager 2018.4.1.0 through 2018.4.1.12 is vulnerable to privilege escalation. An invitee to an API Provider organization can escalate privileges by manipulating the invitation link. IBM X-Force ID: 185508.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 | Impact: 5.9

Affected Packages (2 packages)

NVD: ibm/api_connect, 2018.4.1.0 through 2018.4.1.12
CVEListV5: ibm/api_connect, 2018.4.1.0, 2018.4.12+1

Vulnerability Details (2)
GHSA
GHSA-7pvf-3gfc-6366: IBM API Connect's API Manager 2018 (2022-05-24)
CVEList
CVE-2020-4638: IBM API Connect's API Manager 2018 (2020-09-03)
CVE-2020-4638 (HIGH CVSS 7.2) | IBM API Connect's API Manager 2018. | cvebase.io