<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>API Connect (10.0.8.0) - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/products/api-connect-10.0.8.0/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Wed, 08 Jul 2026 16:24:32 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/products/api-connect-10.0.8.0/feed.xml" rel="self" type="application/rss+xml"/><item><title>Unauthenticated SQL Injection in IBM API Connect (CVE-2026-9074)</title><link>https://feed.craftedsignal.io/briefs/2026-07-ibm-api-connect-sqli/</link><pubDate>Wed, 08 Jul 2026 16:24:32 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-ibm-api-connect-sqli/</guid><description>IBM API Connect versions 10.0.8.0 through 10.0.8.9 and 12.1.0.0 through 12.1.0.3 are vulnerable to an unauthenticated SQL injection (CVE-2026-9074) in the password reset functionality, potentially leading to unauthorized data access or authentication bypass.</description><content:encoded><![CDATA[<p>A critical unauthenticated SQL injection vulnerability, tracked as CVE-2026-9074 (CVSS v3.1 Base Score: 9.1), affects IBM API Connect versions 10.0.8.0 through 10.0.8.9 and 12.1.0.0 through 12.1.0.3. This flaw resides within the password reset functionality of the API management platform, allowing a remote attacker to inject malicious SQL queries without requiring any prior authentication. Successful exploitation of this vulnerability could enable an attacker to bypass authentication mechanisms, gain unauthorized access to sensitive database information, or potentially manipulate data, posing a significant risk to the integrity and confidentiality of the affected systems and user accounts. Organizations utilizing the specified vulnerable versions of IBM API Connect are strongly urged to apply the available patches immediately to mitigate this severe risk.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>An unauthenticated attacker identifies an exposed IBM API Connect instance running a vulnerable version (10.0.8.0-10.0.8.9 or 12.1.0.0-12.1.0.3).</li>
<li>The attacker accesses the publicly available password reset functionality of the IBM API Connect web interface.</li>
<li>The attacker crafts and submits a specially malformed request to the password reset endpoint, embedding SQL injection payloads within input fields or parameters that are processed by the application's backend database.</li>
<li>The vulnerable application processes the malicious input without proper sanitization, leading to the execution of the attacker's arbitrary SQL commands within the database.</li>
<li>Depending on the crafted payload, the attacker might retrieve sensitive information from the database (e.g., user credentials, API keys) or bypass authentication to gain unauthorized access to user accounts.</li>
<li>Upon successful data exfiltration or authentication bypass, the attacker can leverage the compromised credentials or access tokens for further malicious activities within the API Connect environment.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Successful exploitation of CVE-2026-9074 can lead to severe consequences for organizations. Due to the unauthenticated nature of the vulnerability, any attacker can initiate the exploitation. The primary impacts include unauthorized access to sensitive data stored in the backend database, such as user account details, API configurations, or other critical system information. Attackers could also achieve authentication bypass, gaining full control over administrative or user accounts within the IBM API Connect instance. This could lead to further compromise of managed APIs, data exfiltration, service disruption, or unauthorized modification of system settings, severely compromising the confidentiality and integrity of the API management platform and the services it exposes.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Patch CVE-2026-9074 immediately by updating IBM API Connect to a fixed version beyond 10.0.8.9 or 12.1.0.3, as described in the IBM support advisories referenced.</li>
<li>Deploy the Sigma rule &quot;Detect CVE-2026-9074 Exploitation Attempt - IBM API Connect SQL Injection&quot; to your SIEM and tune for your environment to detect attempts against the password reset functionality.</li>
<li>Monitor web server logs for suspicious requests to password reset endpoints containing common SQL injection patterns.</li>
</ul>
]]></content:encoded><category domain="severity">critical</category><category domain="type">advisory</category><category>sql-injection</category><category>web-vulnerability</category><category>critical-vulnerability</category><category>api-management</category></item></channel></rss>