IBM App Connect Enterprise runtime lack of authorization (IWA) (7249061)

medium Nessus Plugin ID 271960

Synopsis

The remote web server is affected by a lack of authorization vulnerability.

Description

IBM App Connect Enterprise 13.0.1.0 through 13.0.4.2 and 12.0.1.0 through 12.0.12.17 could allow an authenticated user to perform unauthorized actions on customer-defined resources due to missing authorization.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade IBM App Connect Enterprise to the minimum fix pack level required by the interim fix, and then apply Interim Fix IT48403.

See Also

https://www.ibm.com/support/pages/node/7249061

Plugin Details

Severity: Medium

ID: 271960

File Name: ibm_ace_7249061.nasl

Version: 1.2

Type: remote

Agent: windows, macosx, unix

Family: Misc.

Published: 10/29/2025

Updated: 10/31/2025

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS Score Source: CVE-2025-36361

CVSS v3

Risk Factor: Medium

Base Score: 6.3

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Vulnerability Information

CPE: cpe:/a:ibm:app_connect_enterprise

Required KB Items: installed_sw/IBM App Connect Enterprise

Patch Publication Date: 10/24/2025

Vulnerability Publication Date: 10/24/2025

Reference Information

CVE: CVE-2025-36361

IAVB: 2025-B-0179