PT-2026-22794 · Ibm · App Connect Enterprisecertified Containers Operands+1
Published
2026-03-03
·
Updated
2026-03-04
·
CVE-2025-13490
CVSS v3.1
5.9
Medium
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IBM App Connect Operator versions 11.3.0 through 11.6.0
IBM App Connect Operator versions 12.1.0 through 12.20.0
IBM App Connect Operator LTS versions 12.0.0 through 12.0.20
IBM App Connect Enterprise Certified Containers Operands versions 12.0.11.2‑r1 through 12.0.12.5‑r1
IBM App Connect Enterprise Certified Containers Operands versions 13.0.1.0‑r1 through 13.0.6.1‑r1
IBM App Connect Enterprise Certified Containers Operands LTS versions 12.0.12‑r1 through 12.0.12‑r20
Description
The software transmits data in clear text, which could allow an attacker to intercept sensitive information using man‑in‑the‑middle techniques.
Recommendations
Update IBM App Connect Operator to a version later than 12.20.0.
Update IBM App Connect Operator LTS to a version later than 12.0.20.
Update IBM App Connect Enterprise Certified Containers Operands to a version later than 12.0.12.5‑r1.
Update IBM App Connect Enterprise Certified Containers Operands to a version later than 13.0.6.1‑r1.
Update IBM App Connect Enterprise Certified Containers Operands LTS to a version later than 12.0.12‑r20.
Fix
Cleartext Transmission of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
App Connect Enterprisecertified Containers Operands
App Connect Operator