Rewterz Threat Advisory – IBM API Connect information disclosure
March 16, 2021
Severity
Medium
Analysis Summary
CVE-2021-20440
IBM API Connect does not restrict member registration to the intended recipient. An attacker who is a valid user in the user registry used by API Manager can use a stolen invitation link and register themselves as a member of an API provider organization.
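The missing recipient check described above, shown as an added Python illustration of a generic signed invitation token. This is not IBM API Connect code: the token format, function names, key handling and sample identities are all assumptions made for the sketch.

```python
# Illustrative sketch: token layout and all names are assumptions, not IBM's.
import hashlib
import hmac
import secrets
import time

# Constructed demo key; a real service would load it from a secret store.
SERVER_KEY = secrets.token_bytes(32)
_redeemed = set()  # nonces of invitations already used


def _sign(payload: str) -> str:
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def _verified_fields(token: str) -> list:
    """Return [org, invitee, expires, nonce] if the signature is valid."""
    payload, _, sig = token.rpartition("|")
    if not hmac.compare_digest(sig.encode(), _sign(payload).encode()):
        raise PermissionError("invalid invitation")
    return payload.split("|")


def issue_invitation(org: str, invitee: str, ttl: int = 3600, now=None) -> str:
    """Token names the organization AND the intended recipient."""
    if "|" in org or "|" in invitee:
        raise ValueError("field separator not allowed in org or invitee")
    expires = int((time.time() if now is None else now) + ttl)
    payload = f"{org}|{invitee.lower()}|{expires}|{secrets.token_hex(8)}"
    return f"{payload}|{_sign(payload)}"


def redeem_unbound(token: str, authenticated_user: str) -> str:
    """Flawed: a valid link is enough; the caller's identity is never compared."""
    return _verified_fields(token)[0]


def redeem_bound(token: str, authenticated_user: str, now=None) -> str:
    """Hardened: also checks expiry, single use, and recipient match."""
    org, invitee, expires, nonce = _verified_fields(token)
    if (time.time() if now is None else now) > int(expires):
        raise PermissionError("invitation expired")
    if nonce in _redeemed:
        raise PermissionError("invitation already used")
    if not hmac.compare_digest(authenticated_user.lower().encode(), invitee.encode()):
        raise PermissionError("invitation issued to a different user")
    _redeemed.add(nonce)
    return org
```

Comparing the authenticated registry identity with the identity stored in the signed token is what ties membership to the intended recipient. Expiry and single use only narrow the window in which a leaked link is useful.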
Impact
Obtain Information
Affected Vendors
IBM
Affected Products
- IBM API Connect 2018.4.1.0
- IBM API Connect 2018.4.1.13
- IBM API Connect 10.0.0.0
Remediation
Refer to IBM Security Bulletin 6430107 for patch, upgrade or suggested workaround information.