CVE-2025-13490
IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that report metrics are vulnerable to loss of confidentiality
CVSS Score
5.9
EPSS Score
0.0%
EPSS Percentile
0th
IBM App Connect Operator versions CD 11.3.0 through 11.6.0 and 12.1.0 through 12.20.0, LTS versions 12.0.0 through 12.0.20, and IBM App Connect Enterprise Certified Containers Operands versions CD 12.0.11.2‑r1 through 12.0.12.5‑r1 and 13.0.1.0‑r1 through 13.0.6.1‑r1, and LTS versions 12.0.12‑r1 through 12.0.12‑r20, contain a vulnerability in which the IBM App Connect Enterprise Certified Container transmits data in clear text, potentially allowing an attacker to intercept and obtain sensitive information through man‑in‑the‑middle techniques.
| Vendor | ibm |
| Product | app connect operator |
| Published | Mar 3, 2026 |
| Last Updated | Mar 4, 2026 |
Stay Ahead of the Next One
Get instant alerts for ibm app connect operator
Be the first to know when new medium vulnerabilities affecting ibm app connect operator are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Affected Versions
IBM / App Connect Operator
CD:11.3.0 ≤ 11.6.0, 12.1.0 - 12.20.112.0 LTS:12.0.0 - 12.0.20
IBM / App Connect EnterpriseCertified Containers Operands
CD:12.0.11.2 ≤ r1 - 12.0.12.5-r1, 13.0.1.0-r1 - 13.0.6.1-r112.0 LTS:12.0.12-r1 - 12.0.12-r20