CVE-2020-4638

HIGH

IBM API Connect 2018.4.1.0-2018.4.1.12 - Privilege Escalation via Invitation Link Manipulation

Title source: llm
STIX 2.1

Description

IBM API Connect's API Manager 2018.4.1.0 through 2018.4.1.12 is vulnerable to privilege escalation. An invitee to an API Provider organization can escalate privileges by manipulating the invitation link. IBM X-Force ID: 185508.

References (2)

Core 2
Core References
Vendor Advisory x_refsource_confirm
https://www.ibm.com/support/pages/node/6324751
VDB Entry, Vendor Advisory vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/185508

Scores

CVSS v3 7.2
EPSS 0.0171
EPSS Percentile 74.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

Status published
Products (1)
ibm/api_connect 2018.4.1.0 - 2018.4.1.12
Published Sep 03, 2020
Tracked Since Feb 18, 2026