CVE-2025-36361

Summary

IBM App Connect Enterprise 13.0.1.0 through 13.0.4.2, and 12.0.1.0 through 12.0.12.17 could allow an authenticated user to perform unauthorized actions on customer defined resources due to missing authorization.

Affected Software

VendorProductVersion RangeStatus
IBMApp Connect Enterprise13.0.1.0 <= 13.0.4.2affected
IBMApp Connect Enterprise12.0.1.0 <= 12.0.12.17affected

Weaknesses

  • CWE-862: CWE-862 Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References