CVE-2020-4640
Last modified
CVE-2020-4640 is a medium-severity vulnerability rated 4.1/10 on the CVSS scale. Certain IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 configurations can result in sensitive information in the URL fragment identifiers. This information can be cached in intermediate nodes such as proxy servers, CDNs, and logging platforms. EPSS estimates a 0.35% chance of exploitation in the next 30 days.
Description
Certain IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 configurations can result in sensitive information in the URL fragment identifiers. This information can be cached in intermediate nodes such as proxy servers, CDNs, and logging platforms. An attacker can make use of this information to perform attacks by impersonating a user. IBM X-Force ID: 185510.
Metrics
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Api Connect | >= 2018.4.1.0, <= 2018.4.1.13 |
| Ibm | Api Connect | 10.0.0.0 |
| Ibm | Api Connect | 10.0.1.0 |
References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/185510 (VDB Entry, Vendor Advisory)
- https://www.ibm.com/support/pages/node/6410486 (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
