CVE-2025-36133

MEDIUM

IBM App Connect Enterprise Certified ... - Log Information Exposure

Title source: rule

Description

IBM App Connect Enterprise Certified Container CD: 9.2.0 through 11.6.0, 12.1.0 through 12.14.0, and 12.0 LTS: 12.0.0 through 12.0.14stores potentially sensitive information in log files during installation that could be read by a local user on the container.

References (1)

[Vendor Advisory] https://www.ibm.com/support/pages/node/7243690

Scores

CVSS v3 5.9

EPSS 0.0001

EPSS Percentile 1.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-532

Status published

Products (22)

ibm/app_connect_enterprise_certified_containers_operands 12.0.9.0 r2 (2 CPE variants)

ibm/app_connect_enterprise_certified_containers_operands 12.0.10.0 r1 (3 CPE variants)

ibm/app_connect_enterprise_certified_containers_operands 12.0.11.1 r1

ibm/app_connect_enterprise_certified_containers_operands 12.0.11.2 r1

ibm/app_connect_enterprise_certified_containers_operands 12.0.11.3 r1

ibm/app_connect_enterprise_certified_containers_operands 12.0.12 r1 (14 CPE variants)

ibm/app_connect_enterprise_certified_containers_operands 12.0.12.0 r1 (2 CPE variants)

ibm/app_connect_enterprise_certified_containers_operands 12.0.12.2 r1

ibm/app_connect_enterprise_certified_containers_operands 12.0.12.3 r1

ibm/app_connect_enterprise_certified_containers_operands 12.0.12.4 r1

... and 12 more

Published Sep 01, 2025

Tracked Since Feb 18, 2026