IBM API Connectβs API Manager 2018.4.1.0 through 2018.4.1.12 is vulnerable to privilege escalation. An invitee to an API Provider organization can escalate privileges by manipulating the invitation link. IBM X-Force ID: 185508.
https://www.ibm.com/support/pages/node/6324751
https://www.ibm.com/support/pages/node/6324751
https://exchange.xforce.ibmcloud.com/vulnerabilities/185508
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4638
