CVE-2025-1993

CWE-521 CWE-3674 documents4 sources

Severity

5.5MEDIUM

EPSS

0.0%

top 87.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM APP Connect Operator IBM APP Connect Enterprise Certified Container IBM APP Connect Enterprise Certified Containers Operands

Timeline

PublishedMay 9

Description

IBM App Connect Enterprise Certified Container 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, 12.8, 12.9, and 12.10 DesignerAuthoring instances store their flows in a database that is protected by weaker than expected cryptographic algorithms that could be decrypted by a local user.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 1.4 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5ibm/app_connect_enterprise_certified_container25 versions+24

▶NVDibm/app_connect_enterprise_certified_containers_operands15 versions+14

▶NVDibm/app_connect_operator8.1.0 — 11.6.0+2

🔴Vulnerability Details

GHSA

GHSA-g475-6rmv-x646: IBM App Connect Enterprise Certified Container 8↗2025-05-09

▶

CVEList

IBM App Connect Enterprise Certified Container information disclosure↗2025-05-09

▶