Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2021-20440

IBM API Connect 10.0.0.0, and 2018.4.1.0 through 2018.4.1.13 does not restrict member registration to the intended recepient. An attacker who is a valid user in the user registry used by API Manager can use a stolen invitation link and register themselves as a member of an API provider organization. IBM X-Force ID: 196536.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 40.3%
CVSS Severity
CVSS v3 Score 6.4
CVSS v2 Score 4.0
Products affected by CVE-2021-20440
  • Ibm » Api Connect » Version: 10.0.0.0
    cpe:2.3:a:ibm:api_connect:10.0.0.0
  • Ibm » Api Connect » Version: 2018.4.1.0
    cpe:2.3:a:ibm:api_connect:2018.4.1.0
  • Ibm » Api Connect » Version: 2018.4.1.1
    cpe:2.3:a:ibm:api_connect:2018.4.1.1
  • Ibm » Api Connect » Version: 2018.4.1.10
    cpe:2.3:a:ibm:api_connect:2018.4.1.10
  • Ibm » Api Connect » Version: 2018.4.1.11
    cpe:2.3:a:ibm:api_connect:2018.4.1.11
  • Ibm » Api Connect » Version: 2018.4.1.12
    cpe:2.3:a:ibm:api_connect:2018.4.1.12
  • Ibm » Api Connect » Version: 2018.4.1.13
    cpe:2.3:a:ibm:api_connect:2018.4.1.13
  • Ibm » Api Connect » Version: 2018.4.1.2
    cpe:2.3:a:ibm:api_connect:2018.4.1.2
  • Ibm » Api Connect » Version: 2018.4.1.3
    cpe:2.3:a:ibm:api_connect:2018.4.1.3
  • Ibm » Api Connect » Version: 2018.4.1.4
    cpe:2.3:a:ibm:api_connect:2018.4.1.4
  • Ibm » Api Connect » Version: 2018.4.1.5
    cpe:2.3:a:ibm:api_connect:2018.4.1.5
  • Ibm » Api Connect » Version: 2018.4.1.6
    cpe:2.3:a:ibm:api_connect:2018.4.1.6
  • Ibm » Api Connect » Version: 2018.4.1.7
    cpe:2.3:a:ibm:api_connect:2018.4.1.7
  • Ibm » Api Connect » Version: 2018.4.1.8
    cpe:2.3:a:ibm:api_connect:2018.4.1.8
  • Ibm » Api Connect » Version: 2018.4.1.9
    cpe:2.3:a:ibm:api_connect:2018.4.1.9


Products
Pricing
Contact Us

Shodan ® - All rights reserved