fkie_nvd - fkie_cve-2025-36133

fkie_cve-2025-36133

Vulnerability from fkie_nvd

Published

2025-09-01 12:15

Modified

2025-12-18 17:49

Severity ?

5.9 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

IBM App Connect Enterprise Certified Container CD: 9.2.0 through 11.6.0, 12.1.0 through 12.14.0, and 12.0 LTS: 12.0.0 through 12.0.14stores potentially sensitive information in log files during installation that could be read by a local user on the container.

References

	URL	Tags
	psirt@us.ibm.com	https://www.ibm.com/support/pages/node/7243690	Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	app_connect_enterprise_certified_containers_operands	12.0.9.0
ibm	app_connect_enterprise_certified_containers_operands	12.0.9.0
ibm	app_connect_enterprise_certified_containers_operands	12.0.10.0
ibm	app_connect_enterprise_certified_containers_operands	12.0.10.0
ibm	app_connect_enterprise_certified_containers_operands	12.0.10.0
ibm	app_connect_enterprise_certified_containers_operands	12.0.11.1
ibm	app_connect_enterprise_certified_containers_operands	12.0.11.2
ibm	app_connect_enterprise_certified_containers_operands	12.0.11.3
ibm	app_connect_enterprise_certified_containers_operands	12.0.12
ibm	app_connect_enterprise_certified_containers_operands	12.0.12
ibm	app_connect_enterprise_certified_containers_operands	12.0.12
ibm	app_connect_enterprise_certified_containers_operands	12.0.12
ibm	app_connect_enterprise_certified_containers_operands	12.0.12
ibm	app_connect_enterprise_certified_containers_operands	12.0.12
ibm	app_connect_enterprise_certified_containers_operands	12.0.12
ibm	app_connect_enterprise_certified_containers_operands	12.0.12
ibm	app_connect_enterprise_certified_containers_operands	12.0.12
ibm	app_connect_enterprise_certified_containers_operands	12.0.12
ibm	app_connect_enterprise_certified_containers_operands	12.0.12
ibm	app_connect_enterprise_certified_containers_operands	12.0.12
ibm	app_connect_enterprise_certified_containers_operands	12.0.12
ibm	app_connect_enterprise_certified_containers_operands	12.0.12
ibm	app_connect_enterprise_certified_containers_operands	12.0.12.0
ibm	app_connect_enterprise_certified_containers_operands	12.0.12.0
ibm	app_connect_enterprise_certified_containers_operands	12.0.12.2
ibm	app_connect_enterprise_certified_containers_operands	12.0.12.3
ibm	app_connect_enterprise_certified_containers_operands	12.0.12.4
ibm	app_connect_enterprise_certified_containers_operands	12.0.12.5
ibm	app_connect_enterprise_certified_containers_operands	13.0.1.0
ibm	app_connect_enterprise_certified_containers_operands	13.0.1.0
ibm	app_connect_enterprise_certified_containers_operands	13.0.1.1
ibm	app_connect_enterprise_certified_containers_operands	13.0.2.0
ibm	app_connect_enterprise_certified_containers_operands	13.0.2.1
ibm	app_connect_enterprise_certified_containers_operands	13.0.2.2
ibm	app_connect_enterprise_certified_containers_operands	13.0.2.2
ibm	app_connect_enterprise_certified_containers_operands	13.0.3.0
ibm	app_connect_enterprise_certified_containers_operands	13.0.3.1
ibm	app_connect_enterprise_certified_containers_operands	13.0.4.0
ibm	app_connect_enterprise_certified_containers_operands	13.0.4.1
ibm	app_connect_operator	*
ibm	app_connect_operator	*
ibm	app_connect_operator	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.9.0:r2:*:*:continuous_delivery:*:*:*",
              "matchCriteriaId": "E344A95C-55C1-4FA7-9523-0FF017EAE560",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.9.0:r3:*:*:continuous_delivery:*:*:*",
              "matchCriteriaId": "2A9774E9-024B-4534-96DE-57698B29C6D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.10.0:r1:*:*:continuous_delivery:*:*:*",
              "matchCriteriaId": "DA72E385-0B8C-4F2B-9E77-52960885191B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.10.0:r2:*:*:continuous_delivery:*:*:*",
              "matchCriteriaId": "26008CF5-FCB3-4B97-85A0-AABE059CCCC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.10.0:r3:*:*:continuous_delivery:*:*:*",
              "matchCriteriaId": "096CCE5F-A659-4371-9944-183338DE22C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.11.1:r1:*:*:continuous_delivery:*:*:*",
              "matchCriteriaId": "21A82A5E-0955-4282-B182-FEBAED893E5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.11.2:r1:*:*:continuous_delivery:*:*:*",
              "matchCriteriaId": "3674885C-E41E-432D-B54D-8237AE28F0BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.11.3:r1:*:*:continuous_delivery:*:*:*",
              "matchCriteriaId": "8DD9CC74-88BD-4DD5-8D32-FCC376058B75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12:r1:*:*:lts:*:*:*",
              "matchCriteriaId": "860DA805-3E6F-4191-B519-F22C6C291F47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12:r10:*:*:lts:*:*:*",
              "matchCriteriaId": "E2786164-890F-4D0E-BDA3-B5EAA2FDC171",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12:r11:*:*:lts:*:*:*",
              "matchCriteriaId": "029C5F3F-413C-4EA0-AD61-6AD31A3D3C5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12:r12:*:*:lts:*:*:*",
              "matchCriteriaId": "C30D0EC6-8216-4CB6-BA00-4F5A8E6A2038",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12:r13:*:*:lts:*:*:*",
              "matchCriteriaId": "FE21108C-186A-4153-9A2D-E60755D336B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12:r14:*:*:lts:*:*:*",
              "matchCriteriaId": "0BEB718B-B6E8-4B9A-B415-1A0B79F355EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12:r2:*:*:lts:*:*:*",
              "matchCriteriaId": "39CD3717-414D-459B-97E5-D5E3E716F802",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12:r3:*:*:lts:*:*:*",
              "matchCriteriaId": "55611B27-925F-4B7F-A27F-EA09DBD16B18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12:r4:*:*:lts:*:*:*",
              "matchCriteriaId": "36DF4E1E-239A-41EC-88B4-56706C1520FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12:r5:*:*:lts:*:*:*",
              "matchCriteriaId": "11EB2D3E-6344-4176-8877-FD5DCAC6B54B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12:r6:*:*:lts:*:*:*",
              "matchCriteriaId": "8FD86660-3B6F-497F-B2FB-93E4E5E6A6B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12:r7:*:*:lts:*:*:*",
              "matchCriteriaId": "89564F3C-AE15-47C7-A18B-B222BD66AA48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12:r8:*:*:lts:*:*:*",
              "matchCriteriaId": "2CBFAF71-B95D-4A7D-9DB8-D1DBC963E4F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12:r9:*:*:lts:*:*:*",
              "matchCriteriaId": "66D6C709-E8AC-49F4-B55C-EB1B91CA7FC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12.0:r1:*:*:continuous_delivery:*:*:*",
              "matchCriteriaId": "1CF7327E-91B2-49E7-A97E-65E9401C5806",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12.0:r2:*:*:continuous_delivery:*:*:*",
              "matchCriteriaId": "26B3C29C-08D8-488F-BBD1-C4159ABD9397",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12.2:r1:*:*:continuous_delivery:*:*:*",
              "matchCriteriaId": "787A0E1D-1373-4C8C-AC51-1776856626C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12.3:r1:*:*:continuous_delivery:*:*:*",
              "matchCriteriaId": "2F4C1A59-9BA7-42D4-80A2-552A36A84197",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12.4:r1:*:*:continuous_delivery:*:*:*",
              "matchCriteriaId": "832B1D5A-C1BC-4179-8BA2-8CDFDD2F64A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12.5:r1:*:*:continuous_delivery:*:*:*",
              "matchCriteriaId": "D0A177C3-85CB-4755-BB31-A70E0217473B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:13.0.1.0:r1:*:*:continuous_delivery:*:*:*",
              "matchCriteriaId": "7DC9D362-0F22-44F1-A9AC-5B644CE76ACA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:13.0.1.0:r2:*:*:continuous_delivery:*:*:*",
              "matchCriteriaId": "D19BBB5F-1868-42D5-A937-CD9F027633B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:13.0.1.1:r1:*:*:continuous_delivery:*:*:*",
              "matchCriteriaId": "853A9A65-421B-49D1-96E9-70E8A9BF4BA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:13.0.2.0:r1:*:*:continuous_delivery:*:*:*",
              "matchCriteriaId": "40D63040-48B8-4067-ABE7-C6ED3D388FEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:13.0.2.1:r1:*:*:continuous_delivery:*:*:*",
              "matchCriteriaId": "37AE3E6F-C42E-43C8-AD49-72D25CCD39A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:13.0.2.2:r1:*:*:continuous_delivery:*:*:*",
              "matchCriteriaId": "BABCDF37-745E-4C6D-85E0-C406A4C825FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:13.0.2.2:r2:*:*:continuous_delivery:*:*:*",
              "matchCriteriaId": "1D517F13-8FE4-4EB0-979E-7CDB057D8361",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:13.0.3.0:r1:*:*:continuous_delivery:*:*:*",
              "matchCriteriaId": "1A2D8FCF-795D-44B8-BE82-0853EF60D196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:13.0.3.1:r1:*:*:continuous_delivery:*:*:*",
              "matchCriteriaId": "850D1DA1-4790-42E9-9207-59A3A0FDDE06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:13.0.4.0:r1:*:*:continuous_delivery:*:*:*",
              "matchCriteriaId": "8ECFD3A2-481A-4FDA-BE46-3663B7936D90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:13.0.4.1:r1:*:*:continuous_delivery:*:*:*",
              "matchCriteriaId": "621D35CC-EF98-4E09-AE41-8B0288842EFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_operator:*:*:*:*:continuous_delivery:*:*:*",
              "matchCriteriaId": "3E37A7B1-C39A-48F1-9A74-EDB8E4509B1D",
              "versionEndIncluding": "11.6.0",
              "versionStartIncluding": "9.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_operator:*:*:*:*:lts:*:*:*",
              "matchCriteriaId": "A963D33E-339B-489B-BB62-ECB783B62F0E",
              "versionEndExcluding": "12.15.0",
              "versionStartIncluding": "12.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:app_connect_operator:*:*:*:*:continuous_delivery:*:*:*",
              "matchCriteriaId": "FD1BB8CA-49FE-4765-9BA3-81DA044A06AC",
              "versionEndExcluding": "12.15.0",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM App Connect Enterprise Certified Container CD: 9.2.0 through 11.6.0, 12.1.0 through 12.14.0, and\u00a012.0 LTS: 12.0.0 through 12.0.14stores potentially sensitive information in log files during installation that could be read by a local user on the container."
    }
  ],
  "id": "CVE-2025-36133",
  "lastModified": "2025-12-18T17:49:01.383",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.4,
        "impactScore": 4.0,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-09-01T12:15:31.333",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7243690"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-532"
        }
      ],
      "source": "psirt@us.ibm.com",
      "type": "Secondary"
    }
  ]
}

CVE-2025-36133 (GCVE-0-2025-36133)

Vulnerability from cvelistv5

Published

2025-09-01 11:56

Modified

2025-09-02 20:33

Severity ?

5.9 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

CWE

CWE-532 - Insertion of Sensitive Information into Log File

Summary

References

URL

Tags

https://www.ibm.com/support/pages/node/7243690

vendor-advisory, patch