CVE-2025-36361
IBM App Connect Enterprise runtime is vulnerable to a lack of authorization on windows environments using IWA
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.3EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Lifecycle
24 Oct 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
IBM App Connect Enterprise 13.0.1.0 through 13.0.4.2, and 12.0.1.0 through 12.0.12.17 could allow an authenticated user to perform unauthorized actions on customer defined resources due to missing authorization.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Affected products
IBM · App Connect Enterprise