IBM API Connect 10.0.8.0 through 10.0.8.5, and 10.0.11.0 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application.
The vulnerability classified as CWE-305 (Authentication Bypass by Primary Weakness) means that there is a flaw in the authentication process implementation that allows it to be bypassed without possessing valid credentials. An attacker can send a crafted network request to the vulnerable system and gain access to the application while bypassing the required login. The attack is possible remotely over the network without needing any privileges in the system.
Successful exploitation of this vulnerability allows an attacker to gain unauthorized access to IBM API Connect applications, which may lead to complete compromise of confidentiality, integrity, and availability of managed resources and APIs.
Patches available from the vendor should be applied according to the references — detailed information and patches are available at: https://www.ibm.com/support/pages/node/7255149
IBM API Connect in versions 10.0.8.0 to 10.0.8.5 and version 10.0.11.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HIBM Api Connect
APPIbm10.0.11.010.0.8.0 – 10.0.8.5
Related vulnerabilities
IBM API Connect 5.0.0.0 through 5.0.8.11 could allow a user to potentially inject code due to unsanitized user...
IBM API Connect 5.0.0.0 through 5.0.8.11 could alllow a remote user to obtain sensitive information or conduct...
IBM API Connect 5.0.0.0 through 5.0.8.10 could potentially leak sensitive information or allow for data corrup...
IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal can be exploited by app developers to download arbitrary ...
IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal is vulnerable to command injection. An attacker with a sp...