CVE-2020-4640 Information

Description

Certain IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 configurations can result in sensitive information being placed in URL fragment identifiers. This information can be cached in intermediate nodes such as proxy servers, CDNs, logging platforms, etc. An attacker can make use of this information to perform attacks by impersonating a user. IBM X-Force ID: 185510.

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Reference

https://www.ibm.com/support/pages/node/6410486
https://exchange.xforce.ibmcloud.com/vulnerabilities/185510

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

Base Score

4.1

Base Severity

MEDIUM
