IBM App Connect Enterprise
Moderate fix2 remedies
cpe:2.3:a:ibm:app_connect_enterprise:*:*:*:*:*:*:*
Moderate fix2 remedies
- >= 13.0.1.0, <= 13.0.4.2
- >= 12.0.1.0, <= 12.0.12.17
IBM App Connect Enterprise Missing Authorization Vulnerability Allowing Unauthorized Actions
Vulnerability
Patched
A vulnerability exists in IBM App Connect Enterprise versions 13.0.1.0 through 13.0.4.2 and 12.0.1.0 through 12.0.12.17. This vulnerability could enable an authenticated user to execute unauthorized actions on customer-defined resources, stemming from a lack of proper authorization. The issue is particularly relevant in Windows environments using Integrated Windows Authentication (IWA).
Impact
Exploitation of this vulnerability could lead to unauthorized actions being performed on customer-defined resources by authenticated users.
Remediation
Users can upgrade to IBM App Connect Enterprise version 13.0.5.0 or 12.0.12.18, both of which include the necessary fix. Instructions for downloading these versions are available on the IBM Support website.
Added: Oct 24, 2025, 10:18 AM
Updated: Oct 24, 2025, 10:18 AM
Vulnerability Rating
Custom Algorithm
spread
2.6impact
1.3exploitability
4.9remediation
7.7relevance
0.8threat
0.0urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.