CVE-2025-1993

📊 5.1 MEDIUM⚡ 0.0%🎯 0 exploits

📅 Published May 9, 2025

📋 Status: Analyzed

IBM App Connect Enterprise Certified Container 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, 12.8, 12.9, and 12.10 DesignerAuthoring instances store their flows in a database that is protected by weaker than expected cryptographic algorithms that could be decrypted by a local user.

CVSS v3.1 • [email protected]

🎯 Affected Products & Systems

22 product configurations affected

Filter by type:

Type	Vendor	Product	Version Range	Status	CPE String
📱App	ibm	app connect enterprise certified containers operands	12.0.7.0	Vulnerable	cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.7.0:r4:::continuous_delivery:::*
📱App	ibm	app connect enterprise certified containers operands	12.0.11.1	Vulnerable	cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.11.1:r1:::continuous_delivery:::*
📱App	ibm	app connect enterprise certified containers operands	12.0.11.2	Vulnerable	cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.11.2:r1:::continuous_delivery:::*
📱App	ibm	app connect enterprise certified containers operands	12.0.11.3	Vulnerable	cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.11.3:r1:::continuous_delivery:::*
📱App	ibm	app connect enterprise certified containers operands	12.0.12	Vulnerable	cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12:r1:::lts:::*
📱App	ibm	app connect enterprise certified containers operands	12.0.12	Vulnerable	cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12:r10:::lts:::*
📱App	ibm	app connect enterprise certified containers operands	12.0.12.0	Vulnerable	cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12.0:r1:::continuous_delivery:::*
📱App	ibm	app connect enterprise certified containers operands	12.0.12.0	Vulnerable	cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12.0:r2:::continuous_delivery:::*
📱App	ibm	app connect enterprise certified containers operands	12.0.12.2	Vulnerable	cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12.2:r1:::continuous_delivery:::*
📱App	ibm	app connect enterprise certified containers operands	12.0.12.3	Vulnerable	cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12.3:r1:::continuous_delivery:::*
📱App	ibm	app connect enterprise certified containers operands	12.0.12.4	Vulnerable	cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12.4:r1:::continuous_delivery:::*
📱App	ibm	app connect enterprise certified containers operands	12.0.12.5	Vulnerable	cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12.5:r1:::continuous_delivery:::*
📱App	ibm	app connect enterprise certified containers operands	13.0.1.0	Vulnerable	cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:13.0.1.0:r1:::continuous_delivery:::*
📱App	ibm	app connect enterprise certified containers operands	13.0.1.0	Vulnerable	cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:13.0.1.0:r2:::continuous_delivery:::*
📱App	ibm	app connect enterprise certified containers operands	13.0.1.1	Vulnerable	cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:13.0.1.1:r1:::continuous_delivery:::*
📱App	ibm	app connect enterprise certified containers operands	13.0.2.0	Vulnerable	cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:13.0.2.0:r1:::continuous_delivery:::*
📱App	ibm	app connect enterprise certified containers operands	13.0.2.1	Vulnerable	cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:13.0.2.1:r1:::continuous_delivery:::*
📱App	ibm	app connect enterprise certified containers operands	13.0.2.2	Vulnerable	cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:13.0.2.2:r1:::continuous_delivery:::*
📱App	ibm	app connect enterprise certified containers operands	13.0.2.2	Vulnerable	cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:13.0.2.2:r2:::continuous_delivery:::*
📱App	ibm	app connect operator	≥ 8.1.0 ∧ ≤ 11.6.0	Vulnerable	cpe:2.3:a:ibm:app_connect_operator:::::continuous_delivery:::*
📱App	ibm	app connect operator	≥ 12.0.0 ∧ ≤ 12.10.0	Vulnerable	cpe:2.3:a:ibm:app_connect_operator:::::lts:::*
📱App	ibm	app connect operator	≥ 12.1.0 ∧ ≤ 12.10.0	Vulnerable	cpe:2.3:a:ibm:app_connect_operator:::::continuous_delivery:::*

📱

ibm / app connect enterprise certified containers operands

Application

Vulnerable

Version: 12.0.7.0

CPE:

cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.7.0:r4:*:*:continuous_delivery:*:*:*

📱

ibm / app connect enterprise certified containers operands

Application

Vulnerable

Version: 12.0.11.1

CPE:

cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.11.1:r1:*:*:continuous_delivery:*:*:*

📱

ibm / app connect enterprise certified containers operands

Application

Vulnerable

Version: 12.0.11.2

CPE:

cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.11.2:r1:*:*:continuous_delivery:*:*:*

📱

ibm / app connect enterprise certified containers operands

Application

Vulnerable

Version: 12.0.11.3

CPE:

cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.11.3:r1:*:*:continuous_delivery:*:*:*

📱

ibm / app connect enterprise certified containers operands

Application

Vulnerable

Version: 12.0.12

CPE:

cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12:r1:*:*:lts:*:*:*

📱

ibm / app connect enterprise certified containers operands

Application

Vulnerable

Version: 12.0.12

CPE:

cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12:r10:*:*:lts:*:*:*

📱

ibm / app connect enterprise certified containers operands

Application

Vulnerable

Version: 12.0.12.0

CPE:

cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12.0:r1:*:*:continuous_delivery:*:*:*

📱

ibm / app connect enterprise certified containers operands

Application

Vulnerable

Version: 12.0.12.0

CPE:

cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12.0:r2:*:*:continuous_delivery:*:*:*

📱

ibm / app connect enterprise certified containers operands

Application

Vulnerable

Version: 12.0.12.2

CPE:

cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12.2:r1:*:*:continuous_delivery:*:*:*

📱

ibm / app connect enterprise certified containers operands

Application

Vulnerable

Version: 12.0.12.3

CPE:

cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12.3:r1:*:*:continuous_delivery:*:*:*

📱

ibm / app connect enterprise certified containers operands

Application

Vulnerable

Version: 12.0.12.4

CPE:

cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12.4:r1:*:*:continuous_delivery:*:*:*

📱

ibm / app connect enterprise certified containers operands

Application

Vulnerable

Version: 12.0.12.5

CPE:

cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12.5:r1:*:*:continuous_delivery:*:*:*

📱

ibm / app connect enterprise certified containers operands

Application

Vulnerable

Version: 13.0.1.0

CPE:

cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:13.0.1.0:r1:*:*:continuous_delivery:*:*:*

📱

ibm / app connect enterprise certified containers operands

Application

Vulnerable

Version: 13.0.1.0

CPE:

cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:13.0.1.0:r2:*:*:continuous_delivery:*:*:*

📱

ibm / app connect enterprise certified containers operands

Application

Vulnerable

Version: 13.0.1.1

CPE:

cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:13.0.1.1:r1:*:*:continuous_delivery:*:*:*

📱

ibm / app connect enterprise certified containers operands

Application

Vulnerable

Version: 13.0.2.0

CPE:

cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:13.0.2.0:r1:*:*:continuous_delivery:*:*:*

📱

ibm / app connect enterprise certified containers operands

Application

Vulnerable

Version: 13.0.2.1

CPE:

cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:13.0.2.1:r1:*:*:continuous_delivery:*:*:*

📱

ibm / app connect enterprise certified containers operands

Application

Vulnerable

Version: 13.0.2.2

CPE:

cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:13.0.2.2:r1:*:*:continuous_delivery:*:*:*

📱

ibm / app connect enterprise certified containers operands

Application

Vulnerable

Version: 13.0.2.2

CPE:

cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:13.0.2.2:r2:*:*:continuous_delivery:*:*:*

📱

ibm / app connect operator

Application

Vulnerable

Version: ≥ 8.1.0 ∧ ≤ 11.6.0

CPE:

cpe:2.3:a:ibm:app_connect_operator:*:*:*:*:continuous_delivery:*:*:*

📱

ibm / app connect operator

Application

Vulnerable

Version: ≥ 12.0.0 ∧ ≤ 12.10.0

CPE:

cpe:2.3:a:ibm:app_connect_operator:*:*:*:*:lts:*:*:*

📱

ibm / app connect operator

Application

Vulnerable

Version: ≥ 12.1.0 ∧ ≤ 12.10.0

CPE:

cpe:2.3:a:ibm:app_connect_operator:*:*:*:*:continuous_delivery:*:*:*

22 products•scroll for more

Metrics

5.1 MEDIUMCVSS v3.1[email protected]

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector:

LOCAL

Complexity:

HIGH

Privileges:

NONE

User Interaction:

NONE

Confidentiality:

HIGH

Integrity:

NONE

Availability:

NONE

Scope:

UNCHANGED

🔍 Technical Details

Analysis Status

Analyzed

CVSS Details

5.1 (MEDIUM)v3.1

Source: [email protected]

EPSS Details

0.0% (Minimal)0.6th percentile

Last updated: Nov 1, 2025

Exploitation probability within 30 days

Published Date

May 9, 2025 (5 months ago)

Last Modified

Aug 20, 2025 (2 months ago)

Security Weaknesses2

CWE-521

References2

NVDgeneral