Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Unauthenticated, network-reachable password reset endpoint with low-complexity SQL injection yields PR:N/AC:L/AV:N; SQLi over the credential store gives full C/I/A impact.
Primary rating from Vendor (ibm).
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
5DescriptionNVD
IBM API Connect 10.0.8.0 through 10.0.8.9 and 12.1.0.0 through 12.1.0.3 contains an unauthenticated SQL injection vulnerability in the password reset functionality.
AnalysisAI
Unauthenticated SQL injection in IBM API Connect's password reset functionality allows remote attackers to inject arbitrary SQL against the backing database without credentials, affecting versions 10.0.8.0 through 10.0.8.9 and 12.1.0.0 through 12.1.0.3. With a CVSS 9.8 vector (AV:N/AC:L/PR:N/UI:N) and total technical impact, exploitation can lead to full compromise of confidentiality, integrity, and availability of the API management data store. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The specific prerequisite is that the target must expose IBM API Connect's password reset functionality (the account self-service/credential reset endpoint) reachable over the network; per the CVSS vector (AV:N/AC:L/PR:N/UI:N) no authentication, no user interaction, and no special non-default configuration are required beyond the reset feature being enabled and network-accessible. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The signals are partly divergent and warrant nuance. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A remote, unauthenticated attacker sends a crafted request to the API Connect password reset endpoint with malicious SQL embedded in an input field (such as the username or email parameter). Because the input is not sanitized before being used in a SQL query, the attacker extracts or modifies data in the credential store - for example dumping account records or altering reset tokens - potentially escalating to account takeover or full data compromise. … |
| Remediation | Patch available per vendor advisory: apply the fixes referenced in IBM's support bulletins at https://www.ibm.com/support/pages/node/7278909 and https://www.ibm.com/support/pages/node/7278218, upgrading beyond the affected 10.0.8.x and 12.1.0.0-12.1.0.3 ranges to the IBM-designated fixed level (confirm the exact target build in those advisories, as an explicit fixed version string was not provided in the input). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: identify and document all systems running IBM API Connect 10.0.8.0-10.0.8.9 or 12.1.0.0-12.1.0.3; restrict network access to affected instances from untrusted sources. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Api Connect
View allIBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal is vulnerable to command injection. Rated critical severity (CVSS 1
IBM API Connect v2018.1.0 through v2018.3.4 could allow an attacker to send a specially crafted request to conduct a ser
IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. Rated critical
Authentication bypass via default credentials in IBM API Connect 12.1.0.0 through 12.1.0.3 lets remote unauthenticated a
IBM API Connect 5.0.0.0 through 5.0.8.11 could allow a user to potentially inject code due to unsanitized user input. Ra
IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal can be exploited by app developers to download arbitrary files from
IBM API Connect's Developer Portal 2018.1 and 2018.4.1.3 is impacted by a privilege escalation vulnerability when integr
API Connect V2018.1 through 2018.4.1.1 is impacted by access token leak. Rated critical severity (CVSS 9.8), this vulner
IBM API Connect 5.0.0.0 and 5.0.8.4 is affected by a NoSQL Injection in MongoDB connector for the LoopBack framework. Ra
IBM API Connect Developer Portal 5.0.0.0 through 5.0.8.2 could allow an unauthenticated attacker to execute system comma
IBM API Connect 5.0.0.0 through 5.0.8.11 could alllow a remote user to obtain sensitive information or conduct denial of
IBM API Connect V10 could allow an authenticated user to perform actions that they should not have access to. Rated high
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42307
GHSA-hw2j-c5q4-7m9c