Unrated severityNVD Advisory· Published Mar 3, 2026· Updated Mar 4, 2026

IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that report metrics are vulnerable to loss of confidentiality

CVE-2025-13490

Description

IBM App Connect Operator versions CD 11.3.0 through 11.6.0 and 12.1.0 through 12.20.0, LTS versions 12.0.0 through 12.0.20, and IBM App Connect Enterprise Certified Containers Operands versions CD 12.0.11.2‑r1 through 12.0.12.5‑r1 and 13.0.1.0‑r1 through 13.0.6.1‑r1, and LTS versions 12.0.12‑r1 through 12.0.12‑r20, contain a vulnerability in which the IBM App Connect Enterprise Certified Container transmits data in clear text, potentially allowing an attacker to intercept and obtain sensitive information through man‑in‑the‑middle techniques.

Affected products

IBM/App Connect EnterpriseCertified Containers Operandsv5
cpe:2.3:a:ibm:app_connect_enterprisecertified_containers_operands:cd:12.0.11.2:*:*:*:*:*:*:*
Range: CD:12.0.11.2
IBM/App Connect Operatorv5
cpe:2.3:a:ibm:app_connect_operator:cd:11.3.0:*:*:*:*:*:*:*
Range: CD:11.3.0
IBM/App Connect Operatorllm-create
Range: CD 11.3.0-11.6.0, CD 12.1.0-12.20.0, LTS 12.0.0-12.0.20
IBM/App Connect Enterprise Certified Containers Operandsllm-create
Range: CD 12.0.11.2-r1-12.0.12.5-r1, CD 13.0.1.0-r1-13.0.6.1-r1, LTS 12.0.12-r1-12.0.12-r20

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.ibm.com/support/pages/node/7262271mitrevendor-advisorypatch

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000