CVE-2021-20440

MEDIUM Year: 2021
CVSS v3 Score
6.4
Medium
CVSS v2 Score
4.0
Medium
Weakness Type
NVD-CWE-Other
View all →

Vulnerability Description

IBM API Connect 10.0.0.0, and 2018.4.1.0 through 2018.4.1.13 does not restrict member registration to the intended recepient. An attacker who is a valid user in the user registry used by API Manager can use a stolen invitation link and register themselves as a member of an API provider organization. IBM X-Force ID: 196536.

Related Vulnerabilities

CVE-2016-3115

MEDIUM
CVSS:6.4(Medium)

Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, rel...

NVD-CWE-Other2016

CVE-2016-3116

MEDIUM
CVSS:6.4(Medium)

CRLF injection vulnerability in Dropbear SSH before 2016.72 allows remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data.

NVD-CWE-Other2016

CVE-2016-3420

MEDIUM
CVSS:6.4(Medium)

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.1.1, 9.3.1.2, 9.3.2, and 9.3.3 allows remote authenticated users to affect confidentiality and int...

NVD-CWE-Other2016

CVE-2016-3431

MEDIUM
CVSS:6.4(Medium)

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.1.1, 9.3.1.2, 9.3.2, and 9.3.3 allows remote authenticated users to affect confidentiality and int...

NVD-CWE-Other2016

CVE-2016-3572

MEDIUM
CVSS:6.4(Medium)

Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote authenticated users to a...

NVD-CWE-Other2016

CVE-2016-5454

MEDIUM
CVSS:6.4(Medium)

Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect integrity and availability via vectors related to Verified Boot.

NVD-CWE-Other2016