CVE-2020-4640

LOW Year: 2020
CVSS v3 Score
3.4
Low
CVSS v2 Score
3.8
Low
Weakness Type
CWE-200
View all →

Vulnerability Description

Certain IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 configurations can result in sensitive information in the URL fragment identifiers. This information can be cached in the intermediate nodes like proxy servers, cdn, logging platforms, etc. An attacker can make use of this information to perform attacks by impersonating a user. IBM X-Force ID: 185510.

Related Vulnerabilities

CVE-2016-3155

LOW
CVSS:3.4(Low)

Siemens APOGEE Insight uses weak permissions for the application folder, which allows local users to obtain sensitive information or modify data via unspecified vectors.

CWE-2002016

CVE-2016-8016

LOW
CVSS:3.4(Low)

Information exposure in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to obtain the existence of unauthorized files on the system via a URL...

CWE-2002016

CVE-2023-38301

LOW
CVSS:3.4(Low)

An issue was discovered in a third-party component related to vendor.gsm.serial, shipped on devices from multiple device manufacturers. Various software builds for the BLU View 2, Boost Mobile Celero ...

CWE-2002023

CVE-2013-4209

LOW
CVSS:3.3(Low)

Automatic Bug Reporting Tool (ABRT) before 2.1.6 allows local users to obtain sensitive information about arbitrary files via vectors related to sha1sums.

CWE-2002013

CVE-2013-7458

LOW
CVSS:3.3(Low)

linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive information by reading the file.

CWE-2002013

CVE-2014-2884

LOW
CVSS:3.3(Low)

The ProcessVolumeDeviceControlIrp function in Ntdriver.c in TrueCrypt 7.1a allows local users to bypass access restrictions and obtain sensitive information about arbitrary files via a (1) TC_IOCTL_OP...

CWE-2002014