IBM has disclosed details of a critical security flaw in API Connect that could allow attackers to gain remote access to the application.
The vulnerability, tracked as CVE-2025-13915, is rated 9.8 out of a maximum of 10.0 on the CVSS scoring system. It has been described as an authentication bypass flaw.
“IBM API Connect could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application,” the tech giant said in a bulletin.
The shortcoming impacts the following versions of IBM API Connect:
- 10.0.8.0 through 10.0.8.5
- 10.0.11.0

Customers are advised to follow the steps outlined below:
- Download the fix from Fix Central
- Extract the files: Readme.md and ibm-apiconnect-<version>-ifix.13195.tar.gz
- Apply the fix based on the appropriate API Connect version
“Customers unable to install the interim fix should disable self-service sign-up on their Developer Portal if enabled, which will help minimise their exposure to this vulnerability,” the company added.
API Connect is an end-to-end application programming interface (API) solution that allows organizations to create, test, manage, and secure APIs located on cloud and on-premises. It is used by companies like Axis Bank, Bankart, Etihad Airways, Finologee, IBS Bulgaria, State Bank of India, Tata Consultancy Services, and TINE.
While there is no evidence of the vulnerability being exploited in the wild, users are advised to apply the fixes as soon as possible for optimal protection.



