Description
IBM API Connect 10.0.8.0 through 10.0.8.9 and 12.1.0.0 through 12.1.0.3 contains an unauthenticated SQL injection vulnerability in the password reset functionality.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
History
Wed, 08 Jul 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 08 Jul 2026 15:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | IBM API Connect 10.0.8.0 through 10.0.8.9 and 12.1.0.0 through 12.1.0.3 contains an unauthenticated SQL injection vulnerability in the password reset functionality. | |
| Title | IBM API Connect SQL Injection | |
| First Time appeared |
Ibm
Ibm api Connect |
|
| Weaknesses | CWE-89 | |
| CPEs | cpe:2.3:a:ibm:api_connect:10.0.8.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:api_connect:10.0.8.9:*:*:*:*:*:*:* cpe:2.3:a:ibm:api_connect:12.1.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:api_connect:12.1.0.3:*:*:*:*:*:*:* |
|
| Vendors & Products |
Ibm
Ibm api Connect |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: ibm
Published:
Updated: 2026-07-08T15:50:07.403Z
Reserved: 2026-05-20T12:31:24.875Z
Link: CVE-2026-9074
Updated: 2026-07-08T15:49:58.136Z
No data.
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')