IBM API Connect 10.0.8.0 through 10.0.8.9 and 12.1.0.0 through 12.1.0.3 contains an unauthenticated SQL injection vulnerability in the password reset functionality.
Advisories
No advisories yet.
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Wed, 08 Jul 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 08 Jul 2026 15:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | IBM API Connect 10.0.8.0 through 10.0.8.9 and 12.1.0.0 through 12.1.0.3 contains an unauthenticated SQL injection vulnerability in the password reset functionality. | |
| Title | IBM API Connect SQL Injection | |
| First Time appeared |
Ibm
Ibm api Connect |
|
| Weaknesses | CWE-89 | |
| CPEs | cpe:2.3:a:ibm:api_connect:10.0.8.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:api_connect:10.0.8.9:*:*:*:*:*:*:* cpe:2.3:a:ibm:api_connect:12.1.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:api_connect:12.1.0.3:*:*:*:*:*:*:* |
|
| Vendors & Products |
Ibm
Ibm api Connect |
|
| References |
| |
| Metrics |
cvssV3_1
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: ibm
Published:
Updated: 2026-07-08T15:50:07.403Z
Reserved: 2026-05-20T12:31:24.875Z
Link: CVE-2026-9074
Updated: 2026-07-08T15:49:58.136Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-08T17:45:03Z
Weaknesses