CVE-2025-36133

Summary

IBM App Connect Enterprise Certified Container CD: 9.2.0 through 11.6.0, 12.1.0 through 12.14.0, and 12.0 LTS: 12.0.0 through 12.0.14stores potentially sensitive information in log files during installation that could be read by a local user on the container.

Affected Software

VendorProductVersion RangeStatus
IBMApp Connect Enterprise Certified Container9.2.0 <= 11.6.0affected
IBMApp Connect Enterprise Certified Container12.0.0 <= 12.0.14affected
IBMApp Connect Enterprise Certified Container12.1.0 <= 12.14.0affected

Weaknesses

  • CWE-532: CWE-532 Insertion of Sensitive Information into Log File

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References