## Summary
IBM API Connect has addressed the following improper access control vulnerability CVE-2023-285220.
## Vulnerability Details
** CVEID: **[CVE-2023-28522]()
** DESCRIPTION: **IBM API Connect V10 could allow an authenticated user to perform actions that they should not have access to.
CVSS Base score: 4.3
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/250585]() for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)
## Affected Products and Versions
Affected Product(s)| Version(s)
—|—
API Connect| V10.x
## Remediation/Fixes
Affected Product| Addressed in VRMF| Remediation/First Fix
—|—|—
IBM API Connect
V10.0.0.0 – V10.0.5.1
| V10.0.5.2| Addressed in IBM API Connect V10.0.5.2
The management server component is impacted.
Follow this link and find the appropriate package.
IBM API Connect
V10.0.1.4 – V10.0.1.9
| V10.0.1.11|
Addressed in IBM API Connect V10.0.1.11
The management server component is impacted.
Follow this link and find the appropriate package.
## Workarounds and Mitigations
None