CVE-2020-4337
First published: Thu Sep 03 2020(Updated: )
IBM API Connect 2018.4.1.0 through 2018.4.1.12 could allow an attacker to launch phishing attacks by tricking the server to generate user registration emails that contain malicious URLs. IBM X-Force ID: 177933.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM API Connect | >=2018.4.1.0<=2018.4.1.12 | |
| <=V2018.4.1.0-2018.4.1.12 | ||
| <=V10.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2020-4337.
What is the severity of CVE-2020-4337?
The severity of CVE-2020-4337 is medium (severity value of 6.5).
How can an attacker exploit CVE-2020-4337?
An attacker can exploit CVE-2020-4337 by tricking the server to generate user registration emails that contain malicious URLs, which can be used for phishing attacks.
Is there a patch available for CVE-2020-4337?
Yes, there is a patch available for CVE-2020-4337. For IBM API Connect 2018.4.1.0 through 2018.4.1.12, the patch can be downloaded from IBM Fix Central. For IBM API Connect V10.0.0, the patch can be downloaded from IBM Support.
Where can I find more information about CVE-2020-4337?
You can find more information about CVE-2020-4337 on the IBM X-Force Exchange website and IBM Support.
- collector/nvd-index
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/author
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- agent/first-publish-date
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- vendor/ibm
- canonical/ibm api connect
- version/ibm api connect/2018.4.1.0
- version/ibm api connect/2018.4.1.12
- version/ibm api connect/v2018.4.1.0-2018.4.1.12
- version/ibm api connect/v10.0.0