CVE-2025-1993

EUVD-2025-14180
IBM App Connect Enterprise Certified Container 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, 12.8, 12.9, and 12.10 DesignerAuthoring instances store their flows in a database that is protected by weaker than expected cryptographic algorithms that could be decrypted by a local user.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.1 MEDIUM
LOCAL
HIGH
NONE
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
ibmCNA
5.1 MEDIUM
LOCAL
HIGH
NONE
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
Affected Products (NVD)
VendorProductVersion
ibmapp_connect_enterprise_certified_containers_operands
12.0.7.0:r4
ibmapp_connect_enterprise_certified_containers_operands
12.0.11.1:r1
ibmapp_connect_enterprise_certified_containers_operands
12.0.11.2:r1
ibmapp_connect_enterprise_certified_containers_operands
12.0.11.3:r1
ibmapp_connect_enterprise_certified_containers_operands
12.0.12:r1
ibmapp_connect_enterprise_certified_containers_operands
12.0.12:r10
ibmapp_connect_enterprise_certified_containers_operands
12.0.12.0:r1
ibmapp_connect_enterprise_certified_containers_operands
12.0.12.0:r2
ibmapp_connect_enterprise_certified_containers_operands
12.0.12.2:r1
ibmapp_connect_enterprise_certified_containers_operands
12.0.12.3:r1
ibmapp_connect_enterprise_certified_containers_operands
12.0.12.4:r1
ibmapp_connect_enterprise_certified_containers_operands
12.0.12.5:r1
ibmapp_connect_enterprise_certified_containers_operands
13.0.1.0:r1
ibmapp_connect_enterprise_certified_containers_operands
13.0.1.0:r2
ibmapp_connect_enterprise_certified_containers_operands
13.0.1.1:r1
ibmapp_connect_enterprise_certified_containers_operands
13.0.2.0:r1
ibmapp_connect_enterprise_certified_containers_operands
13.0.2.1:r1
ibmapp_connect_enterprise_certified_containers_operands
13.0.2.2:r1
ibmapp_connect_enterprise_certified_containers_operands
13.0.2.2:r2
ibmapp_connect_operator
8.1.0 ≤
𝑥
≤ 11.6.0
ibmapp_connect_operator
12.0.0 ≤
𝑥
≤ 12.10.0
ibmapp_connect_operator
12.1.0 ≤
𝑥
≤ 12.10.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.ibm.com/support/pages/node/7233054