CVE-2025-13490 | THREATINT

Description

IBM App Connect Operator versions CD 11.3.0 through 11.6.0 and 12.1.0 through 12.20.0, LTS versions 12.0.0 through 12.0.20, and IBM App Connect Enterprise Certified Containers Operands versions CD 12.0.11.2‑r1 through 12.0.12.5‑r1 and 13.0.1.0‑r1 through 13.0.6.1‑r1, and LTS versions 12.0.12‑r1 through 12.0.12‑r20, contain a vulnerability in which the IBM App Connect Enterprise Certified Container transmits data in clear text, potentially allowing an attacker to intercept and obtain sensitive information through man‑in‑the‑middle techniques.

PUBLISHED Reserved 2025-11-20 | Published 2026-03-03 | Updated 2026-03-03 | Assigner ibm

MEDIUM: 5.9CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Product status

CD:11.3.0 (semver)

affected

CD:12.0.11.2 (semver)

affected

References

www.ibm.com/support/pages/node/7262271 vendor-advisory patch

cve.org (CVE-2025-13490)

nvd.nist.gov (CVE-2025-13490)

Download JSON