Refine your search
2 vulnerabilities found for app_connect_enterprise by ibm
CVE-2025-36361 (GCVE-0-2025-36361)
Vulnerability from nvd
Published
2025-10-24 09:35
Modified
2025-10-25 02:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-862 - Missing Authorization
Summary
IBM App Connect Enterprise 13.0.1.0 through 13.0.4.2, and 12.0.1.0 through 12.0.12.17 could allow an authenticated user to perform unauthorized actions on customer defined resources due to missing authorization.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | App Connect Enterprise |
Version: 13.0.1.0 ≤ 13.0.4.2 Version: 12.0.1.0 ≤ 12.0.12.17 cpe:2.3:a:ibm:app_connect_enterprise:12.0.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:app_connect_enterprise:13.0.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:app_connect_enterprise:13.0.4.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:app_connect_enterprise:12.0.12.17:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36361",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-24T13:19:00.627097Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-24T13:19:22.209Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:app_connect_enterprise:12.0.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:app_connect_enterprise:13.0.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:app_connect_enterprise:13.0.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:app_connect_enterprise:12.0.12.17:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "App Connect Enterprise",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "13.0.4.2",
"status": "affected",
"version": "13.0.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "12.0.12.17",
"status": "affected",
"version": "12.0.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM App Connect Enterprise 13.0.1.0 through 13.0.4.2, and 12.0.1.0 through 12.0.12.17 could allow an authenticated user to perform unauthorized actions on customer defined resources due to missing authorization.\u003c/p\u003e"
}
],
"value": "IBM App Connect Enterprise 13.0.1.0 through 13.0.4.2, and 12.0.1.0 through 12.0.12.17 could allow an authenticated user to perform unauthorized actions on customer defined resources due to missing authorization."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-25T02:03:18.631Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7249061"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRemediation/Fixes Affected Product(s) Versions(s) APAR Remediation / Fixes IBM App Connect Enterprise 13.0.1.0 - 13.0.4.2 IT48403 The APAR (IT48403) is available from IBM App Connect Enterprise v13- Fix Pack Release 13.0.5.0 IBM App Connect Enterprise 12.0.1.0 - 12.0.12.17 IT48403 The APAR (IT48403) is available from IBM App Connect Enterprise v12- Fix Pack Release 12.0.12.18\u003c/p\u003e"
}
],
"value": "Remediation/Fixes Affected Product(s) Versions(s) APAR Remediation / Fixes IBM App Connect Enterprise 13.0.1.0 - 13.0.4.2 IT48403 The APAR (IT48403) is available from IBM App Connect Enterprise v13- Fix Pack Release 13.0.5.0 IBM App Connect Enterprise 12.0.1.0 - 12.0.12.17 IT48403 The APAR (IT48403) is available from IBM App Connect Enterprise v12- Fix Pack Release 12.0.12.18"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM App Connect Enterprise runtime is vulnerable to a lack of authorization on windows environments using IWA",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36361",
"datePublished": "2025-10-24T09:35:20.590Z",
"dateReserved": "2025-04-15T21:16:55.331Z",
"dateUpdated": "2025-10-25T02:03:18.631Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-36361 (GCVE-0-2025-36361)
Vulnerability from cvelistv5
Published
2025-10-24 09:35
Modified
2025-10-25 02:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-862 - Missing Authorization
Summary
IBM App Connect Enterprise 13.0.1.0 through 13.0.4.2, and 12.0.1.0 through 12.0.12.17 could allow an authenticated user to perform unauthorized actions on customer defined resources due to missing authorization.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | App Connect Enterprise |
Version: 13.0.1.0 ≤ 13.0.4.2 Version: 12.0.1.0 ≤ 12.0.12.17 cpe:2.3:a:ibm:app_connect_enterprise:12.0.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:app_connect_enterprise:13.0.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:app_connect_enterprise:13.0.4.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:app_connect_enterprise:12.0.12.17:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36361",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-24T13:19:00.627097Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-24T13:19:22.209Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:app_connect_enterprise:12.0.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:app_connect_enterprise:13.0.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:app_connect_enterprise:13.0.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:app_connect_enterprise:12.0.12.17:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "App Connect Enterprise",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "13.0.4.2",
"status": "affected",
"version": "13.0.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "12.0.12.17",
"status": "affected",
"version": "12.0.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM App Connect Enterprise 13.0.1.0 through 13.0.4.2, and 12.0.1.0 through 12.0.12.17 could allow an authenticated user to perform unauthorized actions on customer defined resources due to missing authorization.\u003c/p\u003e"
}
],
"value": "IBM App Connect Enterprise 13.0.1.0 through 13.0.4.2, and 12.0.1.0 through 12.0.12.17 could allow an authenticated user to perform unauthorized actions on customer defined resources due to missing authorization."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-25T02:03:18.631Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7249061"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRemediation/Fixes Affected Product(s) Versions(s) APAR Remediation / Fixes IBM App Connect Enterprise 13.0.1.0 - 13.0.4.2 IT48403 The APAR (IT48403) is available from IBM App Connect Enterprise v13- Fix Pack Release 13.0.5.0 IBM App Connect Enterprise 12.0.1.0 - 12.0.12.17 IT48403 The APAR (IT48403) is available from IBM App Connect Enterprise v12- Fix Pack Release 12.0.12.18\u003c/p\u003e"
}
],
"value": "Remediation/Fixes Affected Product(s) Versions(s) APAR Remediation / Fixes IBM App Connect Enterprise 13.0.1.0 - 13.0.4.2 IT48403 The APAR (IT48403) is available from IBM App Connect Enterprise v13- Fix Pack Release 13.0.5.0 IBM App Connect Enterprise 12.0.1.0 - 12.0.12.17 IT48403 The APAR (IT48403) is available from IBM App Connect Enterprise v12- Fix Pack Release 12.0.12.18"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM App Connect Enterprise runtime is vulnerable to a lack of authorization on windows environments using IWA",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36361",
"datePublished": "2025-10-24T09:35:20.590Z",
"dateReserved": "2025-04-15T21:16:55.331Z",
"dateUpdated": "2025-10-25T02:03:18.631Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}