CVE-2021-20440 is a vulnerability in IBM Api Connect
Published on March 15, 2021

IBM API Connect 10.0.0.0, and 2018.4.1.0 through 2018.4.1.13 does not restrict member registration to the intended recepient. An attacker who is a valid user in the user registry used by API Manager can use a stolen invitation link and register themselves as a member of an API provider organization. IBM X-Force ID: 196536.

NVD

Products Associated with CVE-2021-20440

Want to know whenever a new CVE is published for IBM Api Connect? stack.watch will email you.

IBM Api Connect

Affected Versions

IBM API Connect:

Version 2018.4.1.0 is affected.
Version 2018.4.1.13 is affected.
Version 10.0.0.0 is affected.

Exploit Probability

EPSS

0.18%

Percentile

39.57%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2021-20440 is a vulnerability in IBM Api ConnectPublished on March 15, 2021

Products Associated with CVE-2021-20440

Affected Versions

Exploit Probability

CVE-2021-20440 is a vulnerability in IBM Api Connect
Published on March 15, 2021