CVE-2020-4899

CWE-319Cleartext Transmission3 documents3 sources
Severity
9.1CRITICAL
EPSS
0.1%
top 70.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM API Connect
Timeline
PublishedJan 5
Latest updateMay 24

Description

IBM API Connect 5.0.0.0 through 5.0.8.10 could potentially leak sensitive information or allow for data corruption due to plain text transmission of sensitive information across the network. IBM X-Force ID: 190990.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 3.9 | Impact: 5.2

Affected Packages2 packages

NVDibm/api_connect5.0.0.05.0.8.10
CVEListV5ibm/api_connect5.0.0.0, 5.0.8.8+1

🔴Vulnerability Details

2
GHSA
GHSA-hv8p-8h35-vgf5: IBM API Connect 52022-05-24
CVEList
CVE-2020-4899: IBM API Connect 52021-01-05
CVE-2020-4899 (CRITICAL CVSS 9.1) | IBM API Connect 5.0.0.0 through 5.0 | cvebase.io