CVE-2020-4640

Certain IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 configurations can result in sensitive information in the URL fragment identifiers. This information can be cached in the intermediate nodes like proxy servers, cdn, logging platforms, etc. An attacker can make use of this information to perform attacks by impersonating a user. IBM X-Force ID: 185510.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:api_connect:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:api_connect:10.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:api_connect:10.0.1.0:*:*:*:*:*:*:*

History

21 Nov 2024, 05:33

Type Values Removed Values Added
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/185510 - VDB Entry, Vendor Advisory () https://exchange.xforce.ibmcloud.com/vulnerabilities/185510 - VDB Entry, Vendor Advisory
References () https://www.ibm.com/support/pages/node/6410486 - Vendor Advisory () https://www.ibm.com/support/pages/node/6410486 - Vendor Advisory

Information

Published : 2021-02-04 17:15

Updated : 2024-11-21 05:33


NVD link : CVE-2020-4640

Mitre link : CVE-2020-4640

CVE.ORG link : CVE-2020-4640


JSON object : View

Products Affected

ibm

  • api_connect
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor