780 matches found
CVE-2026-9074
IBM API Connect 10.0.8.0 through 10.0.8.9 and 12.1.0.0 through 12.1.0.3 contains an unauthenticated SQL injection vulnerability in the password reset functionality...
CVE-2026-9074 IBM API Connect SQL Injection
IBM API Connect 10.0.8.0 through 10.0.8.9 and 12.1.0.0 through 12.1.0.3 contains an unauthenticated SQL injection vulnerability in the password reset functionality...
CVE-2026-9074
IBM API Connect is affected by an unauthenticated SQL injection in the password reset flow for versions 10.0.8.0–10.0.8.9 and 12.1.0.0–12.1.0.3. The issue is a server-side SQL injection vulnerability that can be exploited without authentication, with network access required and no user interactio...
EUVD-2026-42307
IBM API Connect 10.0.8.0 through 10.0.8.9 and 12.1.0.0 through 12.1.0.3 contains an unauthenticated SQL injection vulnerability in the password reset functionality...
CVE-2026-3144 IBM API Connect Default Credentials
IBM API Connect 12.1.0.0 through 12.1.0.3 uses default credentials which could allow an attacker to gain unauthorized access to the application before the system enforces a credential update...
CVE-2026-3144
CVE-2026-3144 affects IBM API Connect 12.1.0.0 through 12.1.0.3. The issue is the use of default credentials, which could allow an attacker to gain unauthorized access to the application before the system enforces a credential update. Exploitation details or a remediation/fix are not provided in ...
PT-2026-56477
Name of the Vulnerable Software and Affected Versions IBM API Connect versions 12.1.0.0 through 12.1.0.3 Description The application uses default credentials, which may allow an attacker to gain unauthorized access before the system requires a credential update. Recommendations Update IBM API...
Security Bulletin: Multiple Vulnerabilities in IBM API Connect
Summary Multiple vulnerabilities were addressed in IBM API Connect version v10.0.8.10 Vulnerability Details CVEID:CVE-2026-33244 DESCRIPTION: React Router is a router for React. In versions 7.5.1 through 7.13.1, when using Framework Mode with pre-rendering enabled, improper neutralization of the...
Security Bulletin: Multiple Vulnerabilities in IBM API Connect
Summary Multiple vulnerabilities were addressed in IBM API Connect version v12.1.0.3 Vulnerability Details CVEID:CVE-2025-11187 DESCRIPTION: Issue summary: PBMAC1 parameters in PKCS12 files are missing validation which can trigger a stack-based buffer overflow, invalid pointer or NULL pointer...
Security Bulletin: Multiple Vulnerabilities in IBM API Connect
Summary Multiple vulnerabilities were addressed in IBM API Connect version v12.1.0.2 Vulnerability Details CVEID:CVE-2012-6708 DESCRIPTION: jQuery before 1.9.0 is vulnerable to Cross-site Scripting XSS attacks. The jQuerystrInput function does not differentiate selectors from HTML in a reliable...
Security Bulletin: Multiple Vulnerabilities in IBM API Connect
Summary Multiple vulnerabilities were addressed in IBM API Connect version 10.0.8.7 Vulnerability Details CVEID:CVE-2025-12818 DESCRIPTION: Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an...
Security Bulletin: Multiple Vulnerabilities in IBM API Connect
Summary Multiple vulnerabilities were addressed in IBM API Connect version v12.1.0.1 Vulnerability Details CVEID:CVE-2023-39804 DESCRIPTION: In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c. CVSS Source: IBM X-Force CVSS Base...
Security Bulletin: Multiple Vulnerabilities in IBM API Connect
Summary Multiple vulnerabilities were addressed in IBM API Connect version 10.0.8.6 Vulnerability Details CVEID:CVE-2021-3999 DESCRIPTION: A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd may lead to memory corruption when the size of the buffer is exactly 1. A loc...
Critical CVSS 9.8 Flaw Found in IBM API Connect Authentication System
IBM has disclosed details of a critical security flaw in API Connect that could allow attackers to gain remote access to the application. The vulnerability, tracked as CVE-2025-13915 , is rated 9.8 out of a maximum of 10.0 on the CVSS scoring system. It has been described as an authentication...
CVE-2025-13915
IBM API Connect 10.0.8.0 through 10.0.8.5, and 10.0.11.0 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application...
CVE-2025-13915
IBM API Connect 10.0.8.0 through 10.0.8.5, and 10.0.11.0 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application...
CVE-2025-13915
IBM API Connect 10.0.8.0 through 10.0.8.5, and 10.0.11.0 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application...
CVE-2025-13915 Authentication bypass in IBM API Connect
IBM API Connect 10.0.8.0 through 10.0.8.5, and 10.0.11.0 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application...
CVE-2025-13915
IBM API Connect is affected by CVE-2025-13915, a remote authentication bypass in versions 10.0.8.0–10.0.8.5 and 10.0.11.0. The issue allows an unauthenticated attacker to bypass authentication and gain unauthorized access to the application. IBM’s security bulletin recommends upgrading to version...
Security Bulletin: Authentication bypass in IBM API Connect
Summary Internal testing has revealed a potential authentication bypass in IBM API Connect Vulnerability Details CVEID:CVE-2025-13915 DESCRIPTION: IBM API Connect could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application. CWE:CWE-305:...