CVE-2025-1993
MEDIUMIBM App Connect Enterprise Certified Container - Info Disclosure
Title source: llmDescription
IBM App Connect Enterprise Certified Container 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, 12.8, 12.9, and 12.10 DesignerAuthoring instances store their flows in a database that is protected by weaker than expected cryptographic algorithms that could be decrypted by a local user.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
patch
https://www.ibm.com/support/pages/node/7233054
Scores
CVSS v3
5.1
EPSS
0.0011
EPSS Percentile
1.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-521
Status
published
Products (17)
ibm/app_connect_enterprise_certified_containers_operands
12.0.7.0 r4
ibm/app_connect_enterprise_certified_containers_operands
12.0.11.1 r1
ibm/app_connect_enterprise_certified_containers_operands
12.0.11.2 r1
ibm/app_connect_enterprise_certified_containers_operands
12.0.11.3 r1
ibm/app_connect_enterprise_certified_containers_operands
12.0.12 r1 (2 CPE variants)
ibm/app_connect_enterprise_certified_containers_operands
12.0.12.0 r1 (2 CPE variants)
ibm/app_connect_enterprise_certified_containers_operands
12.0.12.2 r1
ibm/app_connect_enterprise_certified_containers_operands
12.0.12.3 r1
ibm/app_connect_enterprise_certified_containers_operands
12.0.12.4 r1
ibm/app_connect_enterprise_certified_containers_operands
12.0.12.5 r1
... and 7 more
Published
May 09, 2025
Tracked Since
Feb 18, 2026