IBM App Connect Enterprise Arbitrary File Write Vulnerability During BAR Configuration Deployment

Vulnerability

A vulnerability exists in IBM App Connect Enterprise versions 12.0.1.0 through 12.0.12.10 and 13.0.1.0 through 13.0.2.1. It could allow an authenticated user to write arbitrary files to the system during deployment of a BAR configuration. The issue arises from improper restriction of pathnames in certain directories, so an entry in the deployed configuration is not confined to its intended location.
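
As an added illustration, not IBM's code and not the actual fix for this issue, the following shows the kind of pathname confinement check a deployment step should apply to every archive entry before writing it. It assumes a BAR file is a ZIP archive; the deployment directory and the entry names are constructed for the example.

```python
import io
import zipfile
from pathlib import Path

# Hypothetical deployment directory; every entry must resolve beneath it.
DEPLOY_DIR = Path("/srv/ace/work/deploy")


def build_sample_archive() -> bytes:
    """Constructed sample: a minimal ZIP standing in for a BAR file, with two
    normal entries and two whose names try to escape the deployment dir."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/broker.xml", "<Broker/>")
        zf.writestr("app/flow.msgflow", "<flow/>")
        zf.writestr("../../etc/evil.conf", "not a flow")
        zf.writestr("app\\..\\..\\evil2.conf", "not a flow")
    return buf.getvalue()


def entry_is_safe(name: str, dest: Path = DEPLOY_DIR) -> bool:
    """True only if the archive entry name resolves to a path inside dest.

    Rejects empty names, embedded NULs, backslashes (so a Windows separator
    cannot be smuggled past a POSIX resolver), absolute paths and drive
    letters, and any '..' segment that climbs above the deployment dir.
    """
    if not name or "\x00" in name or "\\" in name:
        return False
    if name.startswith("/") or (len(name) > 1 and name[1] == ":"):
        return False
    base = dest.resolve()
    target = (base / name).resolve()
    return target != base and base in target.parents


def classify_entries(archive: bytes, dest: Path = DEPLOY_DIR) -> dict:
    """Split an archive's entry names into those safe to write under dest and
    those that would land outside it. Nothing is written to disk."""
    result = {"safe": [], "rejected": []}
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            bucket = "safe" if entry_is_safe(info.filename, dest) else "rejected"
            result[bucket].append(info.filename)
    return result


if __name__ == "__main__":
    print(classify_entries(build_sample_archive()))
```

Rejected entries should be logged with the archive name and the submitting user, since a traversal name in a deployed configuration is a strong signal worth alerting on.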

Impact

Exploitation of this vulnerability could lead to unauthorized writing of files on the system, potentially allowing for further exploitation or disruption of the application.

Remediation

Users are advised to apply the interim fix for APAR IT47533, available for versions 13.0.2.1 and 12.0.12.10 through IBM Fix Central.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 4.2
exploitability: 4.9
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.