CVE-2025-36133 — Log File Information Exposure in IBM APP Connect Operator

CWE-532 — Log File Information Exposure3 documents3 sources

Severity

5.5MEDIUMNVD

CNA5.9

EPSS

0.0%

top 98.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM APP Connect Operator IBM APP Connect Enterprise Certified Container IBM APP Connect Enterprise Certified Containers Operands

Timeline

PublishedSep 1

Latest updateDec 18

Description

IBM App Connect Enterprise Certified Container CD: 9.2.0 through 11.6.0, 12.1.0 through 12.14.0, and 12.0 LTS: 12.0.0 through 12.0.14stores potentially sensitive information in log files during installation that could be read by a local user on the container.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5ibm/app_connect_enterprise_certified_container9.2.0 — 11.6.0+2

▶NVDibm/app_connect_enterprise_certified_containers_operands20 versions+19

▶NVDibm/app_connect_operator12.0.0 — 12.15.0+2

🔴Vulnerability Details

GHSA

GHSA-p26c-m2c6-49f2: IBM App Connect Enterprise Certified Container CD: 9↗2025-12-18

▶

CVEList

IBM App Connect Enterprise information disclosure↗2025-09-01

▶