IBM App Connect Enterprise runtime is vulnerable to a lack...

6.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Description

IBM App Connect Enterprise 13.0.1.0 through 13.0.4.2, and 12.0.1.0 through 12.0.12.17 could allow an authenticated user to perform unauthorized actions on customer defined resources due to missing authorization.

Basic Information

ID CVE-2025-36361

Source ibm

Published Oct 24, 2025 at 09:35

Affected Product

Vendor IBM

Product App Connect Enterprise

Version 13.0.1.0

Affected Versions IBM App Connect Enterprise 13.0.1.0
IBM App Connect Enterprise 12.0.1.0

References

www.ibm.com /support/pages/node/7249061

{
    "lastseen": "",
    "description": "IBM App Connect Enterprise 13.0.1.0 through 13.0.4.2, and 12.0.1.0 through 12.0.12.17 could allow an authenticated user to perform unauthorized actions on customer defined resources due to missing authorization.",
    "published": "2025-10-24T09:35:20.590Z",
    "modified": "2025-10-24T09:35:20.590Z",
    "type": "cve",
    "title": "IBM App Connect Enterprise runtime is vulnerable to a lack of authorization on windows environments using IWA",
    "source": "ibm",
    "references": "https://www.ibm.com/support/pages/node/7249061",
    "id": "CVE-2025-36361",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "IBM App Connect Enterprise 13.0.1.0\nIBM App Connect Enterprise 12.0.1.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "App Connect Enterprise",
    "version": "13.0.1.0",
    "vendor": "IBM",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

IBM App Connect Enterprise runtime is vulnerable to a lack of authorization on windows environments using IWA_CVE-2025-36361

Description

Basic Information

Affected Product

References

💭 Join the Security Discussion ❌ Cancel Reply