fkie_nvd - fkie_cve-2025-1993

fkie_cve-2025-1993

Vulnerability from fkie_nvd

Published

2025-05-09 18:16

Modified

2025-08-20 02:46

Severity ?

5.1 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

IBM App Connect Enterprise Certified Container 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, 12.8, 12.9, and 12.10 DesignerAuthoring instances store their flows in a database that is protected by weaker than expected cryptographic algorithms that could be decrypted by a local user.

References

▶	URL	Tags
	psirt@us.ibm.com	https://www.ibm.com/support/pages/node/7233054	Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	app_connect_enterprise_certified_containers_operands	12.0.7.0
ibm	app_connect_enterprise_certified_containers_operands	12.0.11.1
ibm	app_connect_enterprise_certified_containers_operands	12.0.11.2
ibm	app_connect_enterprise_certified_containers_operands	12.0.11.3
ibm	app_connect_enterprise_certified_containers_operands	12.0.12
ibm	app_connect_enterprise_certified_containers_operands	12.0.12
ibm	app_connect_enterprise_certified_containers_operands	12.0.12.0
ibm	app_connect_enterprise_certified_containers_operands	12.0.12.0
ibm	app_connect_enterprise_certified_containers_operands	12.0.12.2
ibm	app_connect_enterprise_certified_containers_operands	12.0.12.3
ibm	app_connect_enterprise_certified_containers_operands	12.0.12.4
ibm	app_connect_enterprise_certified_containers_operands	12.0.12.5
ibm	app_connect_enterprise_certified_containers_operands	13.0.1.0
ibm	app_connect_enterprise_certified_containers_operands	13.0.1.0
ibm	app_connect_enterprise_certified_containers_operands	13.0.1.1
ibm	app_connect_enterprise_certified_containers_operands	13.0.2.0
ibm	app_connect_enterprise_certified_containers_operands	13.0.2.1
ibm	app_connect_enterprise_certified_containers_operands	13.0.2.2
ibm	app_connect_enterprise_certified_containers_operands	13.0.2.2
ibm	app_connect_operator	*
ibm	app_connect_operator	*
ibm	app_connect_operator	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.7.0:r4:*:*:continuous_delivery:*:*:*",
              "matchCriteriaId": "F9D2BC99-027C-4BF4-AFE7-EAA2919B7BEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.11.1:r1:*:*:continuous_delivery:*:*:*",
              "matchCriteriaId": "21A82A5E-0955-4282-B182-FEBAED893E5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.11.2:r1:*:*:continuous_delivery:*:*:*",
              "matchCriteriaId": "3674885C-E41E-432D-B54D-8237AE28F0BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.11.3:r1:*:*:continuous_delivery:*:*:*",
              "matchCriteriaId": "8DD9CC74-88BD-4DD5-8D32-FCC376058B75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12:r1:*:*:lts:*:*:*",
              "matchCriteriaId": "860DA805-3E6F-4191-B519-F22C6C291F47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12:r10:*:*:lts:*:*:*",
              "matchCriteriaId": "E2786164-890F-4D0E-BDA3-B5EAA2FDC171",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12.0:r1:*:*:continuous_delivery:*:*:*",
              "matchCriteriaId": "1CF7327E-91B2-49E7-A97E-65E9401C5806",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12.0:r2:*:*:continuous_delivery:*:*:*",
              "matchCriteriaId": "26B3C29C-08D8-488F-BBD1-C4159ABD9397",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12.2:r1:*:*:continuous_delivery:*:*:*",
              "matchCriteriaId": "787A0E1D-1373-4C8C-AC51-1776856626C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12.3:r1:*:*:continuous_delivery:*:*:*",
              "matchCriteriaId": "2F4C1A59-9BA7-42D4-80A2-552A36A84197",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12.4:r1:*:*:continuous_delivery:*:*:*",
              "matchCriteriaId": "832B1D5A-C1BC-4179-8BA2-8CDFDD2F64A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12.5:r1:*:*:continuous_delivery:*:*:*",
              "matchCriteriaId": "D0A177C3-85CB-4755-BB31-A70E0217473B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:13.0.1.0:r1:*:*:continuous_delivery:*:*:*",
              "matchCriteriaId": "7DC9D362-0F22-44F1-A9AC-5B644CE76ACA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:13.0.1.0:r2:*:*:continuous_delivery:*:*:*",
              "matchCriteriaId": "D19BBB5F-1868-42D5-A937-CD9F027633B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:13.0.1.1:r1:*:*:continuous_delivery:*:*:*",
              "matchCriteriaId": "853A9A65-421B-49D1-96E9-70E8A9BF4BA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:13.0.2.0:r1:*:*:continuous_delivery:*:*:*",
              "matchCriteriaId": "40D63040-48B8-4067-ABE7-C6ED3D388FEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:13.0.2.1:r1:*:*:continuous_delivery:*:*:*",
              "matchCriteriaId": "37AE3E6F-C42E-43C8-AD49-72D25CCD39A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:13.0.2.2:r1:*:*:continuous_delivery:*:*:*",
              "matchCriteriaId": "BABCDF37-745E-4C6D-85E0-C406A4C825FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:13.0.2.2:r2:*:*:continuous_delivery:*:*:*",
              "matchCriteriaId": "1D517F13-8FE4-4EB0-979E-7CDB057D8361",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_operator:*:*:*:*:continuous_delivery:*:*:*",
              "matchCriteriaId": "183163B3-F03C-4B2D-B58F-8CF29F241899",
              "versionEndIncluding": "11.6.0",
              "versionStartIncluding": "8.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_operator:*:*:*:*:lts:*:*:*",
              "matchCriteriaId": "2A89D55D-C1DE-490D-9B0C-1FC32FD98E8B",
              "versionEndIncluding": "12.10.0",
              "versionStartIncluding": "12.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_operator:*:*:*:*:continuous_delivery:*:*:*",
              "matchCriteriaId": "777A67F3-73AD-4095-94C4-1EB9EF00415B",
              "versionEndIncluding": "12.10.0",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM App Connect Enterprise Certified Container 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, 12.8, 12.9, and 12.10 DesignerAuthoring instances store their flows in a database that is protected by weaker than expected cryptographic algorithms that could be decrypted by a local user."
    },
    {
      "lang": "es",
      "value": "Las instancias de DesignerAuthoring de IBM App Connect Enterprise Certified Container 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, 12.8, 12.9 y 12.10 almacenan sus flujos en una base de datos que est\u00e1 protegida por algoritmos criptogr\u00e1ficos m\u00e1s d\u00e9biles de lo esperado que podr\u00edan ser descifrados por un usuario local."
    }
  ],
  "id": "CVE-2025-1993",
  "lastModified": "2025-08-20T02:46:19.360",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.4,
        "impactScore": 3.6,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-05-09T18:16:04.073",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7233054"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-521"
        }
      ],
      "source": "psirt@us.ibm.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-521"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2025-1993 (GCVE-0-2025-1993)

Vulnerability from cvelistv5

Published

2025-05-09 17:12

Modified

2025-08-11 16:51

Severity ?

5.1 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-521 - Weak Password Requirements

Summary

References

►

URL

Tags

https://www.ibm.com/support/pages/node/7233054

vendor-advisory, patch