CVE-2025-1993 | THREATINT

Description

IBM App Connect Enterprise Certified Container 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, 12.8, 12.9, and 12.10 DesignerAuthoring instances store their flows in a database that is protected by weaker than expected cryptographic algorithms that could be decrypted by a local user.

PUBLISHED Reserved 2025-03-05 | Published 2025-05-09 | Updated 2025-08-31 | Assigner ibm

MEDIUM: 5.1CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem types

CWE-521 Weak Password Requirements

Product status

Default status

unaffected

8.1

affected

8.2

affected

9.0

affected

9.1

affected

9.2

affected

10.0

affected

10.1

affected

11.0

affected

11.1

affected

11.2

affected

11.3

affected

11.4

affected

11.5

affected

11.6

affected

12.0

affected

12.1

affected

12.2

affected

12.3

affected

12.4

affected

12.5

affected

12.6

affected

12.7

affected

12.8

affected

12.9

affected

12.10

affected

References

www.ibm.com/support/pages/node/7233054 vendor-advisory patch

cve.org (CVE-2025-1993)

nvd.nist.gov (CVE-2025-1993)

Download JSON