Home
CRITICAL: 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NDefault status
unaffected
10.0.8.0 (semver) before 10.0.8.9
affected
12.0 (semver)
affected
Description
IBM API Connect 10.0.8.0 through 10.0.8.9 and 12.1.0.0 through 12.1.0.3 contains an unauthenticated SQL injection vulnerability in the password reset functionality.
Problem types
CWE-89 Improper neutralization of special elements used in an SQL command ('SQL injection')
Product status
10.0.8.0 (semver) before 10.0.8.9
12.0 (semver)
References
www.ibm.com/support/pages/node/7278909
www.ibm.com/support/pages/node/7278218