IBM warns of critical API Connect bug enabling remote access
IBM warns of a critical vulnerability in its API Connect platform (CVE-2025-13915, CVSS score 9.8) that allows attackers to bypass authentication and remotely access the system. The vulnerability affects versions V10.0.8.0 through V10.0.8.5 and V10.0.11.0. Disabling self-service sign-up is recommended to reduce the risk.

2026-1-2 10:18:42 Author: securityaffairs.com

IBM disclosed a critical API Connect flaw (CVE-2025-13915, CVSS 9.8) that allows remote access via an authentication bypass.

IBM addressed a critical API Connect vulnerability, tracked as CVE-2025-13915 (CVSS score of 9.8), that allows remote access via an authentication bypass.

API Connect is IBM’s API management platform. It’s used by organizations to create, secure, manage, publish, and monitor APIs across their environments.

The vulnerability is a potential authentication bypass in IBM API Connect that was discovered during internal testing.

“IBM API Connect could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application,” reads the advisory.

The flaw impacts the following products and versions:

| Affected Product(s) | Version(s) |
|---|---|
| API Connect | V10.0.8.0-V10.0.8.5 |
| API Connect | V10.0.11.0 |

As a workaround, customers who cannot apply the interim fix should disable self-service sign-up on the Developer Portal to reduce exposure to the vulnerability.

At this time, there is no evidence of active exploitation. Users are strongly advised to apply the fixes promptly to ensure protection.

Pierluigi Paganini

(SecurityAffairs – hacking, IBM)




Source: https://securityaffairs.com/186417/security/ibm-warns-of-critical-api-connect-bug-enabling-remote-access.html