IBM App Connect Enterprise Certified Container Weak Cryptography Vulnerability in DesignerAuthoring Instances

Vulnerability

A vulnerability exists in IBM App Connect Enterprise Certified Container versions 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, 12.8, 12.9, and 12.10. The DesignerAuthoring instances in these versions store their flows in a database that is secured with cryptographic algorithms weaker than expected, potentially allowing a local user to decrypt the data.

Impact

Exploitation of this vulnerability could lead to unauthorized decryption of data stored in the application's database, allowing a local user to access sensitive information from the DesignerAuthoring flows.

Remediation

Users are advised to upgrade to IBM App Connect Enterprise Certified Container Operator version 12.11.0 or higher and to ensure that all DesignerAuthoring components are at 13.0.3.0-r1 or higher. For 12.0 LTS versions, upgrade to version 12.0.11 or higher and ensure that all DesignerAuthoring components are at 12.0.12-r11 or higher.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.8
impact: 2.5
exploitability: 3.8
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.