Critical IBM API Connect Vulnerability Let Attackers Bypass Logins

Critical IBM API Connect Vulnerability Let Attackers Bypass Logins

Posted on By CWS

A important safety alert relating to a extreme vulnerability within the IBM API Join platform that might permit distant attackers to bypass authentication mechanisms.

Found throughout inside testing, the flaw poses a big danger to organizations counting on the platform for API administration. It grants unauthorized actors entry to the appliance with out requiring legitimate credentials.

The vulnerability, tracked as CVE-2025-13915, has been assigned a important CVSS base rating of 9.8 out of 10. This near-maximum rating displays the benefit of exploitation and the excessive impression on confidentiality, integrity, and availability.

The flaw is assessed below CWE-305, which refers to an “Authentication Bypass by Major Weak spot.” In line with the advisory, the difficulty permits a distant attacker to avoid the login course of solely.

As a result of the assault vector is network-based (AV: N) and requires no particular privileges (PR: N) or consumer interplay (UI: N), the danger of automated or widespread exploitation is excessive.

The vulnerability impacts particular variations of IBM API Join. Directors are urged to verify their deployments for the next variations:

ProductAffected VersionsIBM API Join V10.0.8Versions 10.0.8.0 by means of 10.0.8.5IBM API Join V10.0.11Version 10.0.11.0

IBM strongly recommends that each one affected clients improve instantly to the patched variations. The corporate has launched iFixes for the affected launch ranges.

Product VersionFix AvailabilityIBM API Join V10.0.8Patches out there for variations 10.0.8.1 by means of 10.0.8.5IBM API Join V10.0.11iFix out there for model 10.0.11

For organizations that can’t instantly apply the patch, IBM has supplied a brief mitigation. Directors ought to disable self-service sign-up on their Developer Portal whether it is at the moment enabled.

Whereas this doesn’t repair the underlying code flaw, it helps decrease the assault floor and reduces publicity to this particular vulnerability till the everlasting repair may be deployed.

Comply with us on Google Information, LinkedIn, and X for each day cybersecurity updates. Contact us to function your tales.

Cyber Security News Tags:, , , , , , ,

Related Posts

Nike Investigates Data Breach Following WorldLeaks Ransomware Group Claim Nike Investigates Data Breach Following WorldLeaks Ransomware Group Claim Cyber Security News
U.S. Secret Service Dismantles 300 SIM Servers and 100,000 SIM Cards U.S. Secret Service Dismantles 300 SIM Servers and 100,000 SIM Cards Cyber Security News
SAP Urges Immediate Patch for Critical Security Flaws SAP Urges Immediate Patch for Critical Security Flaws Cyber Security News
Multiple vtenext Vulnerabilities Let Attackers Bypass Authentication and Execute Remote Codes Multiple vtenext Vulnerabilities Let Attackers Bypass Authentication and Execute Remote Codes Cyber Security News
WAFs protection Bypassed to Execute XSS Payloads Using JS Injection with Parameter Pollution WAFs protection Bypassed to Execute XSS Payloads Using JS Injection with Parameter Pollution Cyber Security News
FortiWeb SQL Injection Vulnerability Allows Attacker to Execute Malicious SQL Code FortiWeb SQL Injection Vulnerability Allows Attacker to Execute Malicious SQL Code Cyber Security News