CVE-2025-36361 | THREATINT

Description

IBM App Connect Enterprise 13.0.1.0 through 13.0.4.2, and 12.0.1.0 through 12.0.12.17 could allow an authenticated user to perform unauthorized actions on customer defined resources due to missing authorization.

PUBLISHED Reserved 2025-04-15 | Published 2025-10-24 | Updated 2025-10-25 | Assigner ibm

MEDIUM: 6.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Problem types

CWE-862 Missing Authorization

Product status

Default status

unaffected

13.0.1.0 (semver)

affected

12.0.1.0 (semver)

affected

References

www.ibm.com/support/pages/node/7249061 vendor-advisory patch

cve.org (CVE-2025-36361)

nvd.nist.gov (CVE-2025-36361)

Download JSON