CVE-2020-7633

9.8 CRITICAL

📋 TL;DR

CVE-2020-7633 is a command injection vulnerability in apiconnect-cli-plugins that allows attackers to execute arbitrary commands on the system by manipulating the pluginUri argument. This affects users of IBM API Connect CLI plugins up to version 6.0.1. Successful exploitation could lead to complete system compromise.

💻 Affected Systems

Products:
  • IBM API Connect CLI plugins
Versions: All versions through 6.0.1
Operating Systems: All platforms where Node.js and apiconnect-cli-plugins run
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the plugin installation mechanism when using untrusted plugin URIs.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full system compromise with root/administrator privileges, allowing data theft, ransomware deployment, or persistent backdoor installation.

🟠 Likely Case: Unauthorized command execution with the privileges of the user running the CLI, potentially leading to data exfiltration or lateral movement.

🟢 If Mitigated: Limited impact if running with minimal privileges in isolated environments with network restrictions.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires user interaction to install a malicious plugin, but the injection is straightforward once the attacker controls the pluginUri parameter.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.0.2 and later

Vendor Advisory: https://www.ibm.com/support/pages/node/6253781

Restart Required: No

Instructions:

  1. Update IBM API Connect CLI to the latest version.
  2. Run 'npm update -g apiconnect-cli-plugins' to update the plugins.
  3. Verify the version with 'apic --version'.

🔧 Temporary Workarounds

Avoid untrusted plugin sources (applies to: all)

Only install plugins from trusted, verified sources and avoid using arbitrary plugin URIs.

Run with minimal privileges (applies to: all)

Execute the CLI with non-privileged user accounts to limit potential damage.

🧯 If You Can't Patch

  • Implement strict input validation for pluginUri parameters in custom integrations
  • Isolate systems running vulnerable versions using network segmentation and access controls

🔍 How to Verify

Check if Vulnerable:

Check the installed version with 'npm list -g apiconnect-cli-plugins' and confirm whether it is 6.0.1 or earlier.

Check Version:

npm list -g apiconnect-cli-plugins | grep apiconnect-cli-plugins

Verify Fix Applied:

After update, confirm version is 6.0.2 or later using 'npm list -g apiconnect-cli-plugins'.
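The version check above can be scripted so it gives a consistent verdict across hosts. The following POSIX sh script is an added example, not part of the advisory or of IBM's tooling: it parses the output of 'npm list -g apiconnect-cli-plugins', compares the installed version numerically, field by field, against the 6.0.2 fix release, and reports whether the install falls in the affected range (all versions through 6.0.1). The 'apiconnect-cli-plugins@<version>' tree line it parses is the usual 'npm list' layout and is assumed here; the script uses only standard utilities.

```shell
#!/bin/sh
# Added example (not from the advisory or IBM's tooling): classify an
# installed apiconnect-cli-plugins version against the affected range
# (all versions through 6.0.1) and the fixed release (6.0.2 and later).
# Uses only POSIX sh utilities so it runs wherever the CLI does.

FIXED_VERSION="6.0.2"   # first unaffected release per the vendor advisory

# Print the n-th dotted field ($2) of version $1 as a bare integer, 0 if absent.
version_field() {
    f=$(printf '%s\n' "$1" | cut -d. -f"$2" | tr -cd '0-9')
    printf '%s' "${f:-0}"
}

# Exit 0 if version $1 is strictly lower than version $2, else 1.
# Compares major.minor.patch numerically (so 6.0.10 > 6.0.2); a leading
# "v" and any pre-release suffix are ignored, so "v6.0.1-rc1" compares as 6.0.1.
version_lt() {
    a=${1#v}; a=${a%%-*}
    b=${2#v}; b=${b%%-*}
    i=1
    while [ "$i" -le 3 ]; do
        x=$(version_field "$a" "$i")
        y=$(version_field "$b" "$i")
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
        i=$((i + 1))
    done
    return 1   # versions are equal
}

# Exit 0 if version $1 is in the affected range (below FIXED_VERSION).
is_vulnerable_version() {
    version_lt "$1" "$FIXED_VERSION"
}

# Read 'npm list -g apiconnect-cli-plugins' output on stdin and print the
# installed version from the "name@version" tree entry. Prints nothing when
# the package is not installed, e.g. when npm reports "(empty)".
parse_npm_list_version() {
    sed -n 's/.*apiconnect-cli-plugins@\([0-9][0-9A-Za-z.-]*\).*/\1/p' | head -n 1
}

# Print a verdict for version $1. Exit 0 = affected, 1 = fixed, 2 = not installed.
assess_version() {
    if [ -z "$1" ]; then
        echo "apiconnect-cli-plugins is not installed globally via npm"
        return 2
    fi
    if is_vulnerable_version "$1"; then
        echo "VULNERABLE: apiconnect-cli-plugins $1 is affected by CVE-2020-7633 (update to $FIXED_VERSION or later)"
        return 0
    fi
    echo "OK: apiconnect-cli-plugins $1 is at or above the fixed release $FIXED_VERSION"
    return 1
}

# Stand-alone use: pass a version string to classify it, or give no
# argument to query the local npm global install (skipped when npm is absent).
if [ $# -gt 0 ]; then
    assess_version "$1" || true
elif command -v npm >/dev/null 2>&1; then
    installed=$(npm list -g apiconnect-cli-plugins 2>/dev/null | parse_npm_list_version)
    assess_version "$installed" || true
fi
```

Run it with no arguments on a host to check the global npm install, or pass a version string (for example one collected by an inventory tool) to classify it without touching npm. The numeric field comparison matters because a lexical compare would wrongly treat a hypothetical 6.0.10 as older than 6.0.2.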

📡 Detection & Monitoring

Log Indicators:

  • Unusual plugin installation attempts
  • Suspicious command execution in system logs following plugin operations

Network Indicators:

  • Unexpected outbound connections from systems running API Connect CLI

SIEM Query:

Process execution events containing 'apic' or 'npm' with suspicious arguments or from unusual locations
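The SIEM query above is only described in prose. The following POSIX sh script is an added example, not from the advisory, that turns the "from unusual locations" part of it into a concrete filter: it reads process execution events, keeps only 'apic' and 'npm' launches, and flags those whose binary path lies outside a set of expected install prefixes. The event line format, the trusted-prefix list and the sample events are all constructed assumptions for this example; the same rule translates directly into a SIEM search on the process path field.

```shell
#!/bin/sh
# Added example (not from the advisory): a first-pass filter over process
# execution events, flagging 'apic' or 'npm' launched from outside the
# directories they are normally installed in. The event format below is
# constructed for this example:
#   <timestamp> user=<name> exe=<path> args=<command line>

# Prefixes under which the CLI and npm are expected to live. This is an
# assumption about the local install layout; adjust it per host.
TRUSTED_EXE_PREFIXES="/usr/bin /usr/local/bin /usr/local/lib/node_modules /opt/ibm"

# Exit 0 if path $1 lies under one of the trusted prefixes.
is_trusted_path() {
    for p in $TRUSTED_EXE_PREFIXES; do
        case "$1" in
            "$p"/*) return 0 ;;
        esac
    done
    return 1
}

# Read events on stdin; print each apic/npm execution whose binary path is
# outside the trusted prefixes, prefixed with "FLAG:". Exit 0 if at least
# one event was flagged, 1 otherwise.
flag_unusual_cli_events() {
    hits=0
    while IFS= read -r line; do
        exe=$(printf '%s\n' "$line" | sed -n 's/.*exe=\([^ ]*\).*/\1/p')
        case "${exe##*/}" in
            apic|npm) ;;      # only the two tools named in the advisory
            *) continue ;;
        esac
        if ! is_trusted_path "$exe"; then
            printf 'FLAG: %s\n' "$line"
            hits=$((hits + 1))
        fi
    done
    [ "$hits" -gt 0 ]
}

# Constructed sample events: one routine apic run, one npm copy executed from
# /tmp (flagged), and an unrelated process that the filter must ignore.
SAMPLE_EVENTS='2024-05-01T10:00:00Z user=dev exe=/usr/local/bin/apic args=apic --version
2024-05-01T10:05:12Z user=dev exe=/tmp/.cache/npm args=npm install -g example-plugin
2024-05-01T10:06:00Z user=dev exe=/usr/bin/ls args=ls -la'

# Stand-alone demo over the constructed sample; pipe real events to
# flag_unusual_cli_events for live use.
printf '%s\n' "$SAMPLE_EVENTS" | flag_unusual_cli_events || true
```

Path-based filtering is deliberately narrow: it catches a copy of npm or apic staged in a scratch directory, but a plugin installed through the legitimate binary still only shows up via the "unusual plugin installation attempts" indicator, so treat this as one signal to correlate, not a complete rule.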
