CVE-2020-4828 — Improper Input Validation in IBM API Connect

CWE-20 — Improper Input Validation3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.2%

top 63.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM API Connect

Timeline

PublishedFeb 4

Latest updateMay 24

Description

IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 189842.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.5

Affected Packages2 packages

▶NVDibm/api_connect2018.4.1.0 — 2018.4.1.13+2

▶CVEListV5ibm/api_connect4 versions+3

🔴Vulnerability Details

GHSA

GHSA-mc75-95xp-qm8h: IBM API Connect 10↗2022-05-24

▶

CVEList

CVE-2020-4828: IBM API Connect 10↗2021-02-04

▶