CRITICAL🇵🇱 Wersja polska

CVE-2025-13915

CVSS 9.8v3.1pub. 2025-12-26upd. 2025-12-31

IBM API Connect 10.0.8.0 through 10.0.8.5, and 10.0.11.0 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application.

🤖 AI Analysis
How it works

The vulnerability classified as CWE-305 (Authentication Bypass by Primary Weakness) means that there is a flaw in the authentication process implementation that allows it to be bypassed without possessing valid credentials. An attacker can send a crafted network request to the vulnerable system and gain access to the application while bypassing the required login. The attack is possible remotely over the network without needing any privileges in the system.

Impact

Successful exploitation of this vulnerability allows an attacker to gain unauthorized access to IBM API Connect applications, which may lead to complete compromise of confidentiality, integrity, and availability of managed resources and APIs.

Mitigation & patch

Patches available from the vendor should be applied according to the references — detailed information and patches are available at: https://www.ibm.com/support/pages/node/7255149

Who is affected

IBM API Connect in versions 10.0.8.0 to 10.0.8.5 and version 10.0.11.0

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • IBM Api Connect

    APP
    Ibm
    10.0.11.010.0.8.0 – 10.0.8.5
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2021-29772CRITICAL9.8ten sam produkt

IBM API Connect 5.0.0.0 through 5.0.8.11 could allow a user to potentially inject code due to unsanitized user...

CVE-2021-29715CRITICAL9.1ten sam produkt

IBM API Connect 5.0.0.0 through 5.0.8.11 could alllow a remote user to obtain sensitive information or conduct...

CVE-2020-4899CRITICAL9.1ten sam produkt

IBM API Connect 5.0.0.0 through 5.0.8.10 could potentially leak sensitive information or allow for data corrup...

CVE-2019-4203CRITICAL9.8ten sam produkt

IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal can be exploited by app developers to download arbitrary ...

CVE-2019-4202CRITICAL10.0ten sam produkt

IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal is vulnerable to command injection. An attacker with a sp...