<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1462084720533760&amp;ev=PageView&amp;noscript=1">
virsec security lab

CVE-2020-4838: IBM API Connect (Cross Site Scripting)

Virsec Security Research Lab Vulnerability Analysis

The Virsec Security Research Lab provides timely, relevant analysis about recent and notable security vulnerabilities.

1.1        Vulnerability Summary

IBM API Connect through is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.


Watch the video to learn more about this and other important vulnerabilities.

1.2        CVSS Score

The CVSS Base score of this vulnerability is 6.4 Medium. CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

1.3        Affected Version

IBM API Connect through

1.4        Vulnerability Attribution

This vulnerability is reported by IBM Corporation.

1.5        Risk Impact

IBM API Connect® is a complete, modern, intuitive and scalable API platform that lets you create, securely expose, manage and monetize APIs across clouds so that you and your customers can power digital applications and spur innovation. IBM API Connect is also available with other capabilities as an IBM Cloud Pak® solution, which can help you achieve your application modernization goals as part of your journey to cloud. BM API connect is the market leader for global 2000 to migrate or build services in cloud.


Exploiting this vulnerability can lead to exfiltration of sensitive data from servers, via XSS Vulnerability.

No public exploits are available, but it is possible to build one based on the information in the disclosure.

1.6        Virsec Security Platform (VSP) Support:

VSP-Web has capability that can detect all types of XSS attack and prevent this attack from being exploited.

1.7        Reference Links:

Download the full vulnerability report to learn more about this and other important vulnerabilities.

Do you have a request for a vulnerability Virsec Security Research Lab to explore? Let us know!