CVE-2020-4828

MEDIUM

IBM API Connect 10.0.0.0-10.0.1.0 and 2018.4.1.0-2018.4.1.13 - Web Cache Poisoning via HTTP Request Header Manipulation

Title source: llm
STIX 2.1

Description

IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 189842.

References (2)

Core 2
Core References
Vendor Advisory x_refsource_confirm
https://www.ibm.com/support/pages/node/6410498
VDB Entry, Vendor Advisory vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/189842

Scores

CVSS v3 6.5
EPSS 0.0081
EPSS Percentile 52.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Details

CWE
CWE-20
Status published
Products (3)
ibm/api_connect 10.0.0.0
ibm/api_connect 10.0.1.0
ibm/api_connect 2018.4.1.0 - 2018.4.1.13
Published Feb 04, 2021
Tracked Since Feb 18, 2026