CVE-2020-4337

MEDIUM

IBM API Connect <2018.4.1.12 - CSRF

Title source: llm
STIX 2.1

Description

IBM API Connect 2018.4.1.0 through 2018.4.1.12 could allow an attacker to launch phishing attacks by tricking the server to generate user registration emails that contain malicious URLs. IBM X-Force ID: 177933.

References (2)

Core 2
Core References
Vendor Advisory x_refsource_confirm
https://www.ibm.com/support/pages/node/6324763
VDB Entry, Vendor Advisory vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/177933

Scores

CVSS v3 6.5
EPSS 0.0105
EPSS Percentile 60.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Details

Status published
Products (1)
ibm/api_connect 2018.4.1.0 - 2018.4.1.12
Published Sep 03, 2020
Tracked Since Feb 18, 2026