CVE-2025-1993

Summary

IBM App Connect Enterprise Certified Container 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, 12.8, 12.9, and 12.10 DesignerAuthoring instances store their flows in a database that is protected by weaker than expected cryptographic algorithms that could be decrypted by a local user.

Affected Software

VendorProductVersion RangeStatus
IBMApp Connect Enterprise Certified Container8.1affected
IBMApp Connect Enterprise Certified Container8.2affected
IBMApp Connect Enterprise Certified Container9.0affected
IBMApp Connect Enterprise Certified Container9.1affected
IBMApp Connect Enterprise Certified Container9.2affected
IBMApp Connect Enterprise Certified Container10.0affected
IBMApp Connect Enterprise Certified Container10.1affected
IBMApp Connect Enterprise Certified Container11.0affected
IBMApp Connect Enterprise Certified Container11.1affected
IBMApp Connect Enterprise Certified Container11.2affected
IBMApp Connect Enterprise Certified Container11.3affected
IBMApp Connect Enterprise Certified Container11.4affected
IBMApp Connect Enterprise Certified Container11.5affected
IBMApp Connect Enterprise Certified Container11.6affected
IBMApp Connect Enterprise Certified Container12.0affected
IBMApp Connect Enterprise Certified Container12.1affected
IBMApp Connect Enterprise Certified Container12.2affected
IBMApp Connect Enterprise Certified Container12.3affected
IBMApp Connect Enterprise Certified Container12.4affected
IBMApp Connect Enterprise Certified Container12.5affected
IBMApp Connect Enterprise Certified Container12.6affected
IBMApp Connect Enterprise Certified Container12.7affected
IBMApp Connect Enterprise Certified Container12.8affected
IBMApp Connect Enterprise Certified Container12.9affected
IBMApp Connect Enterprise Certified Container12.10affected

Weaknesses

  • CWE-521: CWE-521 Weak Password Requirements

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References