Vulnerabilites related to ibm - app_connect_enterprise_certified_containers_operands
CVE-2024-52362 (GCVE-0-2024-52362)
Vulnerability from cvelistv5
Published
2025-03-12 14:04
Modified
2025-03-12 15:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1286 - Improper Validation of Syntactic Correctness of Input
Summary
IBM App Connect Enterprise Certified Container 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, and 12.8 could allow an authenticated user to cause a denial of service in the App Connect flow due to improper validation of server-side input.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | App Connect Enterprise Certified Container |
Version: 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, 12.8 cpe:2.3:a:ibm:app_connect_enterprise_certified_container:7.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.4:*:*:*:*:*:*:* cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.6:*:*:*:*:*:*:* cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.4:*:*:*:*:*:*:* cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.6:*:*:*:*:*:*:* cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.7:*:*:*:*:*:*:* cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.8:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52362",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-12T15:13:55.785610Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T15:14:08.280Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:7.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.6:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.6:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.8:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "App Connect Enterprise Certified Container",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, 12.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM App Connect Enterprise Certified Container 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, and 12.8 could allow an authenticated user to cause a denial of service in the App Connect flow due to improper validation of server-side input."
}
],
"value": "IBM App Connect Enterprise Certified Container 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, and 12.8 could allow an authenticated user to cause a denial of service in the App Connect flow due to improper validation of server-side input."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1286",
"description": "CWE-1286 Improper Validation of Syntactic Correctness of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T14:04:10.525Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7185527"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM App Connect Enterprise Certified Container denial of service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-52362",
"datePublished": "2025-03-12T14:04:10.525Z",
"dateReserved": "2024-11-10T16:11:09.567Z",
"dateUpdated": "2025-03-12T15:14:08.280Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1993 (GCVE-0-2025-1993)
Vulnerability from cvelistv5
Published
2025-05-09 17:12
Modified
2025-08-11 16:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-521 - Weak Password Requirements
Summary
IBM App Connect Enterprise Certified Container 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, 12.8, 12.9, and 12.10 DesignerAuthoring instances store their flows in a database that is protected by weaker than expected cryptographic algorithms that could be decrypted by a local user.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | App Connect Enterprise Certified Container |
Version: 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, 12.8, 12.9, 12.10 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1993",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-09T19:27:49.855326Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-09T19:41:57.728Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "App Connect Enterprise Certified Container",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, 12.8, 12.9, 12.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM App Connect Enterprise Certified Container 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, 12.8, 12.9, and 12.10 DesignerAuthoring instances store their flows in a database that is protected by weaker than expected cryptographic algorithms that could be decrypted by a local user."
}
],
"value": "IBM App Connect Enterprise Certified Container 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, 12.8, 12.9, and 12.10 DesignerAuthoring instances store their flows in a database that is protected by weaker than expected cryptographic algorithms that could be decrypted by a local user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-521",
"description": "CWE-521 Weak Password Requirements",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-11T16:51:31.111Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7233054"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM strongly suggests the following:\nApp Connect Enterprise Certified Container up to 12.10.0 (Continuous Delivery)\n\nUpgrade to App Connect Enterprise Certified Container Operator version 12.11.0 or higher, and ensure that all DesignerAuthoring components are at 13.0.3.0-r1 or higher. Documentation on the upgrade process is available at \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.ibm.com/docs/en/app-connect/13.0?topic=releases-upgrading-operator\"\u003ewww.ibm.com/docs/en/app-connect/13.0?topic=releases-upgrading-operator\u003c/a\u003e\n\n\nApp Connect Enterprise Certified Container 12.0 LTS (Long Term Support)\n\nUpgrade to App Connect Enterprise Certified Container Operator version 12.0.11 or higher, and ensure that all DesignerAuthoring components are at 12.0.12-r11 or higher. Documentation on the upgrade process is available at \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.ibm.com/docs/en/app-connect/12.0?topic=umfpr-upgrading-operator-releases\"\u003ewww.ibm.com/docs/en/app-connect/12.0?topic=umfpr-upgrading-operator-releases\u003c/a\u003e"
}
],
"value": "IBM strongly suggests the following:\nApp Connect Enterprise Certified Container up to 12.10.0 (Continuous Delivery)\n\nUpgrade to App Connect Enterprise Certified Container Operator version 12.11.0 or higher, and ensure that all DesignerAuthoring components are at 13.0.3.0-r1 or higher. Documentation on the upgrade process is available at www.ibm.com/docs/en/app-connect/13.0?topic=releases-upgrading-operator http://www.ibm.com/docs/en/app-connect/13.0 \n\n\nApp Connect Enterprise Certified Container 12.0 LTS (Long Term Support)\n\nUpgrade to App Connect Enterprise Certified Container Operator version 12.0.11 or higher, and ensure that all DesignerAuthoring components are at 12.0.12-r11 or higher. Documentation on the upgrade process is available at www.ibm.com/docs/en/app-connect/12.0?topic=umfpr-upgrading-operator-releases http://www.ibm.com/docs/en/app-connect/12.0"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM App Connect Enterprise Certified Container information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-1993",
"datePublished": "2025-05-09T17:12:10.041Z",
"dateReserved": "2025-03-05T16:10:31.630Z",
"dateUpdated": "2025-08-11T16:51:31.111Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2025-03-12 14:15
Modified
2025-04-02 12:37
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
IBM App Connect Enterprise Certified Container 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, and 12.8 could allow an authenticated user to cause a denial of service in the App Connect flow due to improper validation of server-side input.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7185527 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | app_connect_enterprise_certified_containers_operands | 12.0.7.0 | |
| ibm | app_connect_enterprise_certified_containers_operands | 12.0.12.5 | |
| ibm | app_connect_enterprise_certified_containers_operands | 13.0.1.0 | |
| ibm | app_connect_enterprise_certified_containers_operands | 13.0.2.1 | |
| ibm | app_connect_operator | * | |
| ibm | app_connect_operator | * | |
| ibm | app_connect_operator | * | |
| ibm | app_connect_operator | 12.0.12 | |
| ibm | app_connect_operator | 12.0.12 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.7.0:r4:*:*:continuous_delivery:*:*:*",
"matchCriteriaId": "F9D2BC99-027C-4BF4-AFE7-EAA2919B7BEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12.5:r1:*:*:continuous_delivery:*:*:*",
"matchCriteriaId": "D0A177C3-85CB-4755-BB31-A70E0217473B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:13.0.1.0:r1:*:*:continuous_delivery:*:*:*",
"matchCriteriaId": "7DC9D362-0F22-44F1-A9AC-5B644CE76ACA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:13.0.2.1:r1:*:*:continuous_delivery:*:*:*",
"matchCriteriaId": "37AE3E6F-C42E-43C8-AD49-72D25CCD39A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:app_connect_operator:*:*:*:*:continuous_delivery:*:*:*",
"matchCriteriaId": "A4347A7F-E070-4CBA-ADD2-0EDEBA137298",
"versionEndIncluding": "11.6.0",
"versionStartIncluding": "7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:app_connect_operator:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "4F9C8F00-2039-4E64-9CE1-034271085913",
"versionEndExcluding": "12.9.0 ",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:app_connect_operator:*:*:*:*:continuous_delivery:*:*:*",
"matchCriteriaId": "D3A5D9B4-D55F-4423-8AEC-02D04E7F59D1",
"versionEndIncluding": "12.8.2",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:app_connect_operator:12.0.12:r1:*:*:lts:*:*:*",
"matchCriteriaId": "274D4BD8-FB49-47F7-B8BB-887AC072129B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:app_connect_operator:12.0.12:r8:*:*:lts:*:*:*",
"matchCriteriaId": "18B709B4-2B3B-4B30-A3FE-012B5492C94B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM App Connect Enterprise Certified Container 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, and 12.8 could allow an authenticated user to cause a denial of service in the App Connect flow due to improper validation of server-side input."
},
{
"lang": "es",
"value": "IBM App Connect Enterprise Certified Container 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7 y 12.8 podr\u00edan permitir que un usuario autenticado provoque una denegaci\u00f3n de servicio en el flujo de App Connect debido a una validaci\u00f3n incorrecta de la entrada del lado del servidor."
}
],
"id": "CVE-2024-52362",
"lastModified": "2025-04-02T12:37:19.377",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-03-12T14:15:15.170",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7185527"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1286"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-05-09 18:16
Modified
2025-08-20 02:46
Severity ?
5.1 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
IBM App Connect Enterprise Certified Container 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, 12.8, 12.9, and 12.10 DesignerAuthoring instances store their flows in a database that is protected by weaker than expected cryptographic algorithms that could be decrypted by a local user.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7233054 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.7.0:r4:*:*:continuous_delivery:*:*:*",
"matchCriteriaId": "F9D2BC99-027C-4BF4-AFE7-EAA2919B7BEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.11.1:r1:*:*:continuous_delivery:*:*:*",
"matchCriteriaId": "21A82A5E-0955-4282-B182-FEBAED893E5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.11.2:r1:*:*:continuous_delivery:*:*:*",
"matchCriteriaId": "3674885C-E41E-432D-B54D-8237AE28F0BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.11.3:r1:*:*:continuous_delivery:*:*:*",
"matchCriteriaId": "8DD9CC74-88BD-4DD5-8D32-FCC376058B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12:r1:*:*:lts:*:*:*",
"matchCriteriaId": "860DA805-3E6F-4191-B519-F22C6C291F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12:r10:*:*:lts:*:*:*",
"matchCriteriaId": "E2786164-890F-4D0E-BDA3-B5EAA2FDC171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12.0:r1:*:*:continuous_delivery:*:*:*",
"matchCriteriaId": "1CF7327E-91B2-49E7-A97E-65E9401C5806",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12.0:r2:*:*:continuous_delivery:*:*:*",
"matchCriteriaId": "26B3C29C-08D8-488F-BBD1-C4159ABD9397",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12.2:r1:*:*:continuous_delivery:*:*:*",
"matchCriteriaId": "787A0E1D-1373-4C8C-AC51-1776856626C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12.3:r1:*:*:continuous_delivery:*:*:*",
"matchCriteriaId": "2F4C1A59-9BA7-42D4-80A2-552A36A84197",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12.4:r1:*:*:continuous_delivery:*:*:*",
"matchCriteriaId": "832B1D5A-C1BC-4179-8BA2-8CDFDD2F64A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12.5:r1:*:*:continuous_delivery:*:*:*",
"matchCriteriaId": "D0A177C3-85CB-4755-BB31-A70E0217473B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:13.0.1.0:r1:*:*:continuous_delivery:*:*:*",
"matchCriteriaId": "7DC9D362-0F22-44F1-A9AC-5B644CE76ACA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:13.0.1.0:r2:*:*:continuous_delivery:*:*:*",
"matchCriteriaId": "D19BBB5F-1868-42D5-A937-CD9F027633B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:13.0.1.1:r1:*:*:continuous_delivery:*:*:*",
"matchCriteriaId": "853A9A65-421B-49D1-96E9-70E8A9BF4BA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:13.0.2.0:r1:*:*:continuous_delivery:*:*:*",
"matchCriteriaId": "40D63040-48B8-4067-ABE7-C6ED3D388FEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:13.0.2.1:r1:*:*:continuous_delivery:*:*:*",
"matchCriteriaId": "37AE3E6F-C42E-43C8-AD49-72D25CCD39A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:13.0.2.2:r1:*:*:continuous_delivery:*:*:*",
"matchCriteriaId": "BABCDF37-745E-4C6D-85E0-C406A4C825FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:13.0.2.2:r2:*:*:continuous_delivery:*:*:*",
"matchCriteriaId": "1D517F13-8FE4-4EB0-979E-7CDB057D8361",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:app_connect_operator:*:*:*:*:continuous_delivery:*:*:*",
"matchCriteriaId": "183163B3-F03C-4B2D-B58F-8CF29F241899",
"versionEndIncluding": "11.6.0",
"versionStartIncluding": "8.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:app_connect_operator:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "2A89D55D-C1DE-490D-9B0C-1FC32FD98E8B",
"versionEndIncluding": "12.10.0",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:app_connect_operator:*:*:*:*:continuous_delivery:*:*:*",
"matchCriteriaId": "777A67F3-73AD-4095-94C4-1EB9EF00415B",
"versionEndIncluding": "12.10.0",
"versionStartIncluding": "12.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM App Connect Enterprise Certified Container 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, 12.8, 12.9, and 12.10 DesignerAuthoring instances store their flows in a database that is protected by weaker than expected cryptographic algorithms that could be decrypted by a local user."
},
{
"lang": "es",
"value": "Las instancias de DesignerAuthoring de IBM App Connect Enterprise Certified Container 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, 12.8, 12.9 y 12.10 almacenan sus flujos en una base de datos que est\u00e1 protegida por algoritmos criptogr\u00e1ficos m\u00e1s d\u00e9biles de lo esperado que podr\u00edan ser descifrados por un usuario local."
}
],
"id": "CVE-2025-1993",
"lastModified": "2025-08-20T02:46:19.360",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.4,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-05-09T18:16:04.073",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7233054"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-521"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-521"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}