Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Default credentials are publicly known so authentication is effectively bypassed (PR:N); network-reachable with no user interaction and low complexity, yielding total compromise (C/I/A:H).
Primary rating from Vendor (ibm).
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
6DescriptionNVD
IBM API Connect 12.1.0.0 through 12.1.0.3 uses default credentials which could allow an attacker to gain unauthorized access to the application before the system enforces a credential update.
AnalysisAI
Authentication bypass via default credentials in IBM API Connect 12.1.0.0 through 12.1.0.3 lets remote unauthenticated attackers log in with vendor-shipped default credentials during the window before the system forces a credential change on first use. Rated CVSS 9.8 with total confidentiality, integrity, and availability impact, the flaw grants full access to the API management platform. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires that the target IBM API Connect instance (versions 12.1.0.0 through 12.1.0.3) is still using its shipped default credentials - that is, the attacker must reach the instance during the window after deployment and before the system enforces the mandatory credential update, and the management/login interface must be network-reachable. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The signals are mixed. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who can reach the network-exposed management interface of a freshly deployed IBM API Connect 12.1.x instance authenticates using the product's documented default credentials before the operator completes the enforced credential update. With that access the attacker gains full control over API definitions, secrets, and gateway configuration. … |
| Remediation | Apply the vendor-released patch available per IBM's advisory at https://www.ibm.com/support/pages/node/7278909 and upgrade beyond the affected range to a fixed release (the EUVD range indicates 12.1.0.3 as the boundary; confirm the exact fixed build in the IBM advisory). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
WITHIN 24 HOURS: Identify and inventory all IBM API Connect 12.1.0.0-12.1.0.3 deployments; restrict network access to administrative interfaces to authorized networks only; isolate any freshly deployed instances pending hardening. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Api Connect
View allIBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal is vulnerable to command injection. Rated critical severity (CVSS 1
IBM API Connect v2018.1.0 through v2018.3.4 could allow an attacker to send a specially crafted request to conduct a ser
IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. Rated critical
Unauthenticated SQL injection in IBM API Connect's password reset functionality allows remote attackers to inject arbitr
IBM API Connect 5.0.0.0 through 5.0.8.11 could allow a user to potentially inject code due to unsanitized user input. Ra
IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal can be exploited by app developers to download arbitrary files from
IBM API Connect's Developer Portal 2018.1 and 2018.4.1.3 is impacted by a privilege escalation vulnerability when integr
API Connect V2018.1 through 2018.4.1.1 is impacted by access token leak. Rated critical severity (CVSS 9.8), this vulner
IBM API Connect 5.0.0.0 and 5.0.8.4 is affected by a NoSQL Injection in MongoDB connector for the LoopBack framework. Ra
IBM API Connect Developer Portal 5.0.0.0 through 5.0.8.2 could allow an unauthenticated attacker to execute system comma
IBM API Connect 5.0.0.0 through 5.0.8.11 could alllow a remote user to obtain sensitive information or conduct denial of
IBM API Connect V10 could allow an authenticated user to perform actions that they should not have access to. Rated high
Same weakness CWE-1392 – Use of Default Credentials
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42304
GHSA-m242-fcx4-2h8f