IBM App Connect Enterprise Certified Container 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, 12.8, 12.9, and 12.10 DesignerAuthoring instances store their flows in a database that is protected by weaker than expected cryptographic algorithms that could be decrypted by a local user.
Fixes

Solution

IBM strongly suggests the following: App Connect Enterprise Certified Container up to 12.10.0 (Continuous Delivery) Upgrade to App Connect Enterprise Certified Container Operator version 12.11.0 or higher, and ensure that all DesignerAuthoring components are at 13.0.3.0-r1 or higher. Documentation on the upgrade process is available at www.ibm.com/docs/en/app-connect/13.0?topic=releases-upgrading-operator http://www.ibm.com/docs/en/app-connect/13.0 App Connect Enterprise Certified Container 12.0 LTS (Long Term Support) Upgrade to App Connect Enterprise Certified Container Operator version 12.0.11 or higher, and ensure that all DesignerAuthoring components are at 12.0.12-r11 or higher. Documentation on the upgrade process is available at www.ibm.com/docs/en/app-connect/12.0?topic=umfpr-upgrading-operator-releases http://www.ibm.com/docs/en/app-connect/12.0


Workaround

No workaround given by the vendor.

History

Sun, 31 Aug 2025 02:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.0:-:*:*:*:*:*:*
cpe:2.3:a:ibm:app_connect_enterprise_certified_container:10.1:-:*:*:*:*:*:*
cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.0:-:*:*:*:*:*:*
cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.1:-:*:*:*:*:*:*
cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.2:-:*:*:*:*:*:*
cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.3:-:*:*:*:*:*:*
cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.4:-:*:*:*:*:*:*
cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.5:-:*:*:*:*:*:*
cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.6:-:*:*:*:*:*:*
cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.0:-:*:*:*:*:*:*
cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.10:-:*:*:*:*:*:*
cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.1:-:*:*:*:*:*:*
cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.2:-:*:*:*:*:*:*
cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.3:-:*:*:*:*:*:*
cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.4:-:*:*:*:*:*:*
cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.5:-:*:*:*:*:*:*
cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.6:-:*:*:*:*:*:*
cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.7:-:*:*:*:*:*:*
cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.8:-:*:*:*:*:*:*
cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.9:-:*:*:*:*:*:*
cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.1:-:*:*:*:*:*:*
cpe:2.3:a:ibm:app_connect_enterprise_certified_container:8.2:-:*:*:*:*:*:*
cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.0:-:*:*:*:*:*:*
cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.1:-:*:*:*:*:*:*
cpe:2.3:a:ibm:app_connect_enterprise_certified_container:9.2:-:*:*:*:*:*:*

Wed, 20 Aug 2025 03:00:00 +0000

Type Values Removed Values Added
First Time appeared Ibm app Connect Enterprise Certified Containers Operands
Ibm app Connect Operator
CPEs cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.11.1:r1:*:*:continuous_delivery:*:*:*
cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.11.2:r1:*:*:continuous_delivery:*:*:*
cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.11.3:r1:*:*:continuous_delivery:*:*:*
cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12.0:r1:*:*:continuous_delivery:*:*:*
cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12.0:r2:*:*:continuous_delivery:*:*:*
cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12.2:r1:*:*:continuous_delivery:*:*:*
cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12.3:r1:*:*:continuous_delivery:*:*:*
cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12.4:r1:*:*:continuous_delivery:*:*:*
cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12.5:r1:*:*:continuous_delivery:*:*:*
cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12:r10:*:*:lts:*:*:*
cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12:r1:*:*:lts:*:*:*
cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.7.0:r4:*:*:continuous_delivery:*:*:*
cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:13.0.1.0:r1:*:*:continuous_delivery:*:*:*
cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:13.0.1.0:r2:*:*:continuous_delivery:*:*:*
cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:13.0.1.1:r1:*:*:continuous_delivery:*:*:*
cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:13.0.2.0:r1:*:*:continuous_delivery:*:*:*
cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:13.0.2.1:r1:*:*:continuous_delivery:*:*:*
cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:13.0.2.2:r1:*:*:continuous_delivery:*:*:*
cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:13.0.2.2:r2:*:*:continuous_delivery:*:*:*
cpe:2.3:a:ibm:app_connect_operator:*:*:*:*:continuous_delivery:*:*:*
cpe:2.3:a:ibm:app_connect_operator:*:*:*:*:lts:*:*:*
Vendors & Products Ibm app Connect Enterprise Certified Containers Operands
Ibm app Connect Operator

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00016}

epss

{'score': 0.00017}


Fri, 09 May 2025 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 09 May 2025 17:45:00 +0000

Type Values Removed Values Added
Description BM App Connect Enterprise Certified Container 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, 12.8, 12.9, and 12.10 DesignerAuthoring instances store their flows in a database that is protected by weaker than expected cryptographic algorithms that could be decrypted by a local user. IBM App Connect Enterprise Certified Container 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, 12.8, 12.9, and 12.10 DesignerAuthoring instances store their flows in a database that is protected by weaker than expected cryptographic algorithms that could be decrypted by a local user.

Fri, 09 May 2025 17:30:00 +0000

Type Values Removed Values Added
Description BM App Connect Enterprise Certified Container 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, 12.8, 12.9, and 12.10 DesignerAuthoring instances store their flows in a database that is protected by weaker than expected cryptographic algorithms that could be decrypted by a local user.
Title IBM App Connect Enterprise Certified Container information disclosure
Weaknesses CWE-521
References
Metrics cvssV3_1

{'score': 5.1, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2025-08-31T01:27:51.511Z

Reserved: 2025-03-05T16:10:31.630Z

Link: CVE-2025-1993

cve-icon Vulnrichment

Updated: 2025-05-09T19:41:53.376Z

cve-icon NVD

Status : Analyzed

Published: 2025-05-09T18:16:04.073

Modified: 2025-08-20T02:46:19.360

Link: CVE-2025-1993

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-07-12T15:26:24Z