CVE-2025-36133
MEDIUMIBM App Connect Enterprise 9.2.0-11.6.0, 12.0.0-12.0.14, 12.1.0-12.14.0 - Sensitive Information Exposure
Title source: llmDescription
IBM App Connect Enterprise Certified Container CD: 9.2.0 through 11.6.0, 12.1.0 through 12.14.0, and 12.0 LTS: 12.0.0 through 12.0.14stores potentially sensitive information in log files during installation that could be read by a local user on the container.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
patch
https://www.ibm.com/support/pages/node/7243690
Scores
CVSS v3
5.9
EPSS
0.0010
EPSS Percentile
1.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-532
Status
published
Products (22)
ibm/app_connect_enterprise_certified_containers_operands
12.0.9.0 r2 (2 CPE variants)
ibm/app_connect_enterprise_certified_containers_operands
12.0.10.0 r1 (3 CPE variants)
ibm/app_connect_enterprise_certified_containers_operands
12.0.11.1 r1
ibm/app_connect_enterprise_certified_containers_operands
12.0.11.2 r1
ibm/app_connect_enterprise_certified_containers_operands
12.0.11.3 r1
ibm/app_connect_enterprise_certified_containers_operands
12.0.12 r1 (14 CPE variants)
ibm/app_connect_enterprise_certified_containers_operands
12.0.12.0 r1 (2 CPE variants)
ibm/app_connect_enterprise_certified_containers_operands
12.0.12.2 r1
ibm/app_connect_enterprise_certified_containers_operands
12.0.12.3 r1
ibm/app_connect_enterprise_certified_containers_operands
12.0.12.4 r1
... and 12 more
Published
Sep 01, 2025
Tracked Since
Feb 18, 2026