PT-2025-5798 · IBM · IBM App Connect Enterprise

Published 2025-02-04 · Updated 2025-08-12 · CVE-2025-0799

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:C/A:N
Name of the Vulnerable Software and Affected Versions

IBM App Connect Enterprise versions 12.0.1.0 through 12.0.12.10
IBM App Connect Enterprise versions 13.0.1.0 through 13.0.2.1

Description

The issue allows an authenticated user to write to an arbitrary file on the system during BAR configuration deployment, because pathnames are not properly limited to restricted directories.

Recommendations

For IBM App Connect Enterprise versions 12.0.1.0 through 12.0.12.10 and versions 13.0.1.0 through 13.0.2.1, consider restricting access to the BAR configuration deployment feature until a patch is available. As a temporary workaround, consider implementing additional pathname limitations on restricted directories to minimize the risk of exploitation.

Fix

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2025-02304
CVE-2025-0799

Affected Products

IBM App Connect Enterprise