Dec 31, 2026 | Ravie Lakshmanan | API Security / Vulnerability
IBM has disclosed details of a critical security flaw in API Connect that could allow attackers to gain remote access to the application.
The vulnerability, tracked as CVE-2025-13915, is rated 9.8 out of a maximum of 10.0 on the CVSS scoring system. It has been described as an authentication bypass flaw.
“IBM API Connect might permit a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application,” the tech giant said in a bulletin.
The shortcoming affects the following versions of IBM API Connect:
10.0.8.0 through 10.0.8.5
10.0.11.0
Customers are advised to follow the steps outlined below:
Download the fix from Fix Central
Extract the files: Readme.md and ibm-apiconnect–ifix.13195.tar.gz
Apply the fix based on the appropriate API Connect version
“Customers unable to install the interim fix should disable self-service sign-up on their Developer Portal if enabled, which will help minimise their exposure to this vulnerability,” the company added.
API Connect is an end-to-end application programming interface (API) solution that allows organizations to create, test, manage, and secure APIs located on cloud and on-premises. It's used by companies like Axis Bank, Bankart, Etihad Airways, Finologee, IBS Bulgaria, State Bank of India, Tata Consultancy Services, and TINE.
While there is no evidence of the vulnerability being exploited in the wild, users are advised to apply the fixes as soon as possible for optimal protection.
