CVE-2025-13490 (GCVE-0-2025-13490)

Vulnerability from cvelistv5 – Published: 2026-03-03 19:58 – Updated: 2026-03-04 21:16
VLAI?
Title
IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that report metrics are vulnerable to loss of confidentiality
Summary
IBM App Connect Operator versions CD 11.3.0 through 11.6.0 and 12.1.0 through 12.20.0, LTS versions 12.0.0 through 12.0.20, and IBM App Connect Enterprise Certified Containers Operands versions CD 12.0.11.2‑r1 through 12.0.12.5‑r1 and 13.0.1.0‑r1 through 13.0.6.1‑r1, and LTS versions 12.0.12‑r1 through 12.0.12‑r20, contain a vulnerability in which the IBM App Connect Enterprise Certified Container transmits data in clear text, potentially allowing an attacker to intercept and obtain sensitive information through man‑in‑the‑middle techniques.
Severity ?
5.9 (Medium)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE
  • CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
ibm
References
Impacted products
Vendor Product Version
IBM App Connect Operator Affected: CD:11.3.0 , ≤ 11.6.0, 12.1.0 - 12.20.112.0 LTS:12.0.0 - 12.0.20 (semver)
    cpe:2.3:a:ibm:app_connect_operator:cd:11.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:app_connect_operator:11.6.0:*:*:*:*:*:*:*
 Create a notification for this product.
    IBM App Connect EnterpriseCertified Containers Operands Affected: CD:12.0.11.2 , ≤ r1 - 12.0.12.5-r1, 13.0.1.0-r1 - 13.0.6.1-r112.0 LTS:12.0.12-r1 - 12.0.12-r20 (semver)
    cpe:2.3:a:ibm:app_connect_enterprisecertified_containers_operands:cd:12.0.11.2:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:app_connect_enterprisecertified_containers_operands:r1:*:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-13490",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-04T21:16:16.704130Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-319",
                "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-04T21:16:34.932Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:app_connect_operator:cd:11.3.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_operator:11.6.0:*:*:*:*:*:*:*"
          ],
          "product": "App Connect Operator",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "11.6.0, 12.1.0 - 12.20.112.0 LTS:12.0.0 - 12.0.20",
              "status": "affected",
              "version": "CD:11.3.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:ibm:app_connect_enterprisecertified_containers_operands:cd:12.0.11.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprisecertified_containers_operands:r1:*:*:*:*:*:*:*"
          ],
          "product": "App Connect EnterpriseCertified Containers Operands",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "r1 - 12.0.12.5-r1, 13.0.1.0-r1 - 13.0.6.1-r112.0 LTS:12.0.12-r1 - 12.0.12-r20",
              "status": "affected",
              "version": "CD:12.0.11.2",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM App Connect Operator versions CD 11.3.0 through 11.6.0 and 12.1.0 through 12.20.0, LTS versions 12.0.0 through 12.0.20, and IBM App Connect Enterprise Certified Containers Operands versions CD 12.0.11.2\u2011r1 through 12.0.12.5\u2011r1 and 13.0.1.0\u2011r1 through 13.0.6.1\u2011r1, and LTS versions 12.0.12\u2011r1 through 12.0.12\u2011r20, contain a vulnerability in which the IBM App Connect Enterprise Certified Container transmits data in clear text, potentially allowing an attacker to intercept and obtain sensitive information through man\u2011in\u2011the\u2011middle techniques.\u003c/p\u003e"
            }
          ],
          "value": "IBM App Connect Operator versions CD 11.3.0 through 11.6.0 and 12.1.0 through 12.20.0, LTS versions 12.0.0 through 12.0.20, and IBM App Connect Enterprise Certified Containers Operands versions CD 12.0.11.2\u2011r1 through 12.0.12.5\u2011r1 and 13.0.1.0\u2011r1 through 13.0.6.1\u2011r1, and LTS versions 12.0.12\u2011r1 through 12.0.12\u2011r20, contain a vulnerability in which the IBM App Connect Enterprise Certified Container transmits data in clear text, potentially allowing an attacker to intercept and obtain sensitive information through man\u2011in\u2011the\u2011middle techniques."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-03T20:00:25.401Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7262271"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM strongly suggests the following:\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eApp Connect Enterprise Certified Container up to 12.20.1 (Continuous Delivery)\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eUpgrade to App Connect Enterprise Certified Container Operator version 12.21.0 or higher, and ensure that all DesignerAuthoring, IntegrationServer and IntegrationRuntime components are at 13.0.6.2-r1 or higher. \u0026nbsp;Documentation on the upgrade process is available at \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/docs/en/app-connect/13.0?topic=releases-upgrading-operator\"\u003ehttps://www.ibm.com/docs/en/app-connect/13.0?topic=releases-upgrading-operator\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\u003cstrong\u003eApp Connect Enterprise Certified Container 12.0 LTS (Long Term Support)\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eUpgrade to App Connect Enterprise Certified Container Operator version 12.0.21 or higher, and ensure that all DesignerAuthoring, IntegrationServer and IntegrationRuntime components are at 12.0.12-r21 or higher. \u0026nbsp;Documentation on the upgrade process is available at \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/docs/en/app-connect/12.0?topic=umfpr-upgrading-operator-releases\"\u003ehttps://www.ibm.com/docs/en/app-connect/12.0?topic=umfpr-upgrading-operator-releases\u003c/a\u003e\u003c/p\u003e\u003cbr\u003e"
            }
          ],
          "value": "IBM strongly suggests the following:\n\nApp Connect Enterprise Certified Container up to 12.20.1 (Continuous Delivery)\n\nUpgrade to App Connect Enterprise Certified Container Operator version 12.21.0 or higher, and ensure that all DesignerAuthoring, IntegrationServer and IntegrationRuntime components are at 13.0.6.2-r1 or higher. \u00a0Documentation on the upgrade process is available at  https://www.ibm.com/docs/en/app-connect/13.0?topic=releases-upgrading-operator \n\n\nApp Connect Enterprise Certified Container 12.0 LTS (Long Term Support)\n\nUpgrade to App Connect Enterprise Certified Container Operator version 12.0.21 or higher, and ensure that all DesignerAuthoring, IntegrationServer and IntegrationRuntime components are at 12.0.12-r21 or higher. \u00a0Documentation on the upgrade process is available at  https://www.ibm.com/docs/en/app-connect/12.0?topic=umfpr-upgrading-operator-releases"
        }
      ],
      "title": "IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that report metrics are vulnerable to loss of confidentiality",
      "x_generator": {
        "engine": "ibm-cvegen"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2025-13490",
    "datePublished": "2026-03-03T19:58:18.375Z",
    "dateReserved": "2025-11-20T20:33:14.629Z",
    "dateUpdated": "2026-03-04T21:16:34.932Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-13490\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2026-03-03T20:16:42.013\",\"lastModified\":\"2026-03-04T22:16:11.060\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"IBM App Connect Operator versions CD 11.3.0 through 11.6.0 and 12.1.0 through 12.20.0, LTS versions 12.0.0 through 12.0.20, and IBM App Connect Enterprise Certified Containers Operands versions CD 12.0.11.2\u2011r1 through 12.0.12.5\u2011r1 and 13.0.1.0\u2011r1 through 13.0.6.1\u2011r1, and LTS versions 12.0.12\u2011r1 through 12.0.12\u2011r20, contain a vulnerability in which the IBM App Connect Enterprise Certified Container transmits data in clear text, potentially allowing an attacker to intercept and obtain sensitive information through man\u2011in\u2011the\u2011middle techniques.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-319\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-319\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.11.2:r1:*:*:continuous_delivery:*:*:*\",\"matchCriteriaId\":\"3674885C-E41E-432D-B54D-8237AE28F0BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.11.3:r1:*:*:continuous_delivery:*:*:*\",\"matchCriteriaId\":\"8DD9CC74-88BD-4DD5-8D32-FCC376058B75\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12:r1:*:*:lts:*:*:*\",\"matchCriteriaId\":\"860DA805-3E6F-4191-B519-F22C6C291F47\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12:r10:*:*:lts:*:*:*\",\"matchCriteriaId\":\"E2786164-890F-4D0E-BDA3-B5EAA2FDC171\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12:r11:*:*:lts:*:*:*\",\"matchCriteriaId\":\"029C5F3F-413C-4EA0-AD61-6AD31A3D3C5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12:r12:*:*:lts:*:*:*\",\"matchCriteriaId\":\"C30D0EC6-8216-4CB6-BA00-4F5A8E6A2038\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12:r13:*:*:lts:*:*:*\",\"matchCriteriaId\":\"FE21108C-186A-4153-9A2D-E60755D336B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12:r14:*:*:lts:*:*:*\",\"matchCriteriaId\":\"0BEB718B-B6E8-4B9A-B415-1A0B79F355EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12:r15:*:*:lts:*:*:*\",\"matchCriteriaId\":\"515CBDE7-7561-44B0-980B-8397BCDDEE41\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12:r16:*:*:lts:*:*:*\",\"matchCriteriaId\":\"BB1FD58D-A910-4725-8DF3-8110717D16CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12:r17:*:*:lts:*:*:*\",\"matchCriteriaId\":\"C9269D22-86F2-4E77-944F-D287280AEC5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12:r18:*:*:lts:*:*:*\",\"matchCriteriaId\":\"270A427B-627D-4495-84A3-8230C15F5614\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12:r19:*:*:lts:*:*:*\",\"matchCriteriaId\":\"3DDFDBE0-9383-49E9-AB27-6CB79260AABE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12:r2:*:*:lts:*:*:*\",\"matchCriteriaId\":\"39CD3717-414D-459B-97E5-D5E3E716F802\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12:r20:*:*:lts:*:*:*\",\"matchCriteriaId\":\"63A974CD-2F88-46DF-876D-0F60C7A430D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12:r3:*:*:lts:*:*:*\",\"matchCriteriaId\":\"55611B27-925F-4B7F-A27F-EA09DBD16B18\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12:r4:*:*:lts:*:*:*\",\"matchCriteriaId\":\"36DF4E1E-239A-41EC-88B4-56706C1520FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12:r5:*:*:lts:*:*:*\",\"matchCriteriaId\":\"11EB2D3E-6344-4176-8877-FD5DCAC6B54B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12:r6:*:*:lts:*:*:*\",\"matchCriteriaId\":\"8FD86660-3B6F-497F-B2FB-93E4E5E6A6B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12:r7:*:*:lts:*:*:*\",\"matchCriteriaId\":\"89564F3C-AE15-47C7-A18B-B222BD66AA48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12:r8:*:*:lts:*:*:*\",\"matchCriteriaId\":\"2CBFAF71-B95D-4A7D-9DB8-D1DBC963E4F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12:r9:*:*:lts:*:*:*\",\"matchCriteriaId\":\"66D6C709-E8AC-49F4-B55C-EB1B91CA7FC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12.0:r1:*:*:continuous_delivery:*:*:*\",\"matchCriteriaId\":\"1CF7327E-91B2-49E7-A97E-65E9401C5806\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12.0:r2:*:*:continuous_delivery:*:*:*\",\"matchCriteriaId\":\"26B3C29C-08D8-488F-BBD1-C4159ABD9397\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12.2:r1:*:*:continuous_delivery:*:*:*\",\"matchCriteriaId\":\"787A0E1D-1373-4C8C-AC51-1776856626C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12.3:r1:*:*:continuous_delivery:*:*:*\",\"matchCriteriaId\":\"2F4C1A59-9BA7-42D4-80A2-552A36A84197\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12.4:r1:*:*:continuous_delivery:*:*:*\",\"matchCriteriaId\":\"832B1D5A-C1BC-4179-8BA2-8CDFDD2F64A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:12.0.12.5:r1:*:*:continuous_delivery:*:*:*\",\"matchCriteriaId\":\"D0A177C3-85CB-4755-BB31-A70E0217473B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:13.0.1.0:r1:*:*:continuous_delivery:*:*:*\",\"matchCriteriaId\":\"7DC9D362-0F22-44F1-A9AC-5B644CE76ACA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:13.0.1.0:r2:*:*:continuous_delivery:*:*:*\",\"matchCriteriaId\":\"D19BBB5F-1868-42D5-A937-CD9F027633B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:13.0.1.1:r1:*:*:continuous_delivery:*:*:*\",\"matchCriteriaId\":\"853A9A65-421B-49D1-96E9-70E8A9BF4BA8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:13.0.2.0:r1:*:*:continuous_delivery:*:*:*\",\"matchCriteriaId\":\"40D63040-48B8-4067-ABE7-C6ED3D388FEF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:13.0.2.1:r1:*:*:continuous_delivery:*:*:*\",\"matchCriteriaId\":\"37AE3E6F-C42E-43C8-AD49-72D25CCD39A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:13.0.2.2:r1:*:*:continuous_delivery:*:*:*\",\"matchCriteriaId\":\"BABCDF37-745E-4C6D-85E0-C406A4C825FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:13.0.2.2:r2:*:*:continuous_delivery:*:*:*\",\"matchCriteriaId\":\"1D517F13-8FE4-4EB0-979E-7CDB057D8361\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:13.0.3.0:r1:*:*:continuous_delivery:*:*:*\",\"matchCriteriaId\":\"1A2D8FCF-795D-44B8-BE82-0853EF60D196\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:13.0.3.1:r1:*:*:continuous_delivery:*:*:*\",\"matchCriteriaId\":\"850D1DA1-4790-42E9-9207-59A3A0FDDE06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:13.0.4.0:r1:*:*:continuous_delivery:*:*:*\",\"matchCriteriaId\":\"8ECFD3A2-481A-4FDA-BE46-3663B7936D90\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:13.0.4.1:r1:*:*:continuous_delivery:*:*:*\",\"matchCriteriaId\":\"621D35CC-EF98-4E09-AE41-8B0288842EFF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:13.0.4.2:r1:*:*:continuous_delivery:*:*:*\",\"matchCriteriaId\":\"73F04574-95A9-4E4B-B6EA-027929BA99F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:13.0.5.0:r1:*:*:continuous_delivery:*:*:*\",\"matchCriteriaId\":\"16628E77-7CD0-4819-985D-F156957BEC0A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:13.0.5.1:r1:*:*:continuous_delivery:*:*:*\",\"matchCriteriaId\":\"F4151A1D-99DA-4227-B8A9-321BA1BBCE18\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:13.0.5.2:r1:*:*:continuous_delivery:*:*:*\",\"matchCriteriaId\":\"C3E4B20A-044B-41E7-AD34-92C64469E19A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:13.0.6.0:r1:*:*:continuous_delivery:*:*:*\",\"matchCriteriaId\":\"E097F753-2F13-42E3-8B5A-3DE3A78E6B91\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_enterprise_certified_containers_operands:13.0.6.1:r1:*:*:continuous_delivery:*:*:*\",\"matchCriteriaId\":\"9F134C81-BDFB-4009-9F1C-AEB9AB03DF4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_operator:*:*:*:*:continuous_delivery:*:*:*\",\"versionStartIncluding\":\"11.3.0\",\"versionEndIncluding\":\"11.6.0\",\"matchCriteriaId\":\"CE03393A-C7E5-4D2C-A713-F4EBC7A4EAF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_operator:*:*:*:*:lts:*:*:*\",\"versionStartIncluding\":\"12.0.0\",\"versionEndIncluding\":\"12.0.20\",\"matchCriteriaId\":\"3A520B81-D470-4928-B0CF-8348CC76E75A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:app_connect_operator:*:*:*:*:continuous_delivery:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndIncluding\":\"12.20.1\",\"matchCriteriaId\":\"BEAF81DB-4E3D-4F7A-A468-0FB28FE310F8\"}]}]}],\"references\":[{\"url\":\"https://www.ibm.com/support/pages/node/7262271\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-13490\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-04T21:16:16.704130Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-319\", \"description\": \"CWE-319 Cleartext Transmission of Sensitive Information\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-04T21:16:30.560Z\"}}], \"cna\": {\"title\": \"IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that report metrics are vulnerable to loss of confidentiality\", \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.9, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:ibm:app_connect_operator:cd:11.3.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:app_connect_operator:11.6.0:*:*:*:*:*:*:*\"], \"vendor\": \"IBM\", \"product\": \"App Connect Operator\", \"versions\": [{\"status\": \"affected\", \"version\": \"CD:11.3.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"11.6.0, 12.1.0 - 12.20.112.0 LTS:12.0.0 - 12.0.20\"}]}, {\"cpes\": [\"cpe:2.3:a:ibm:app_connect_enterprisecertified_containers_operands:cd:12.0.11.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:app_connect_enterprisecertified_containers_operands:r1:*:*:*:*:*:*:*\"], \"vendor\": \"IBM\", \"product\": \"App Connect EnterpriseCertified Containers Operands\", \"versions\": [{\"status\": \"affected\", \"version\": \"CD:12.0.11.2\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"r1 - 12.0.12.5-r1, 13.0.1.0-r1 - 13.0.6.1-r112.0 LTS:12.0.12-r1 - 12.0.12-r20\"}]}], \"solutions\": [{\"lang\": \"en\", \"value\": \"IBM strongly suggests the following:\\n\\nApp Connect Enterprise Certified Container up to 12.20.1 (Continuous Delivery)\\n\\nUpgrade to App Connect Enterprise Certified Container Operator version 12.21.0 or higher, and ensure that all DesignerAuthoring, IntegrationServer and IntegrationRuntime components are at 13.0.6.2-r1 or higher. \\u00a0Documentation on the upgrade process is available at  https://www.ibm.com/docs/en/app-connect/13.0?topic=releases-upgrading-operator \\n\\n\\nApp Connect Enterprise Certified Container 12.0 LTS (Long Term Support)\\n\\nUpgrade to App Connect Enterprise Certified Container Operator version 12.0.21 or higher, and ensure that all DesignerAuthoring, IntegrationServer and IntegrationRuntime components are at 12.0.12-r21 or higher. \\u00a0Documentation on the upgrade process is available at  https://www.ibm.com/docs/en/app-connect/12.0?topic=umfpr-upgrading-operator-releases\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eIBM strongly suggests the following:\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eApp Connect Enterprise Certified Container up to 12.20.1 (Continuous Delivery)\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eUpgrade to App Connect Enterprise Certified Container Operator version 12.21.0 or higher, and ensure that all DesignerAuthoring, IntegrationServer and IntegrationRuntime components are at 13.0.6.2-r1 or higher. \u0026nbsp;Documentation on the upgrade process is available at \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.ibm.com/docs/en/app-connect/13.0?topic=releases-upgrading-operator\\\"\u003ehttps://www.ibm.com/docs/en/app-connect/13.0?topic=releases-upgrading-operator\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\u003cstrong\u003eApp Connect Enterprise Certified Container 12.0 LTS (Long Term Support)\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eUpgrade to App Connect Enterprise Certified Container Operator version 12.0.21 or higher, and ensure that all DesignerAuthoring, IntegrationServer and IntegrationRuntime components are at 12.0.12-r21 or higher. \u0026nbsp;Documentation on the upgrade process is available at \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.ibm.com/docs/en/app-connect/12.0?topic=umfpr-upgrading-operator-releases\\\"\u003ehttps://www.ibm.com/docs/en/app-connect/12.0?topic=umfpr-upgrading-operator-releases\u003c/a\u003e\u003c/p\u003e\u003cbr\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://www.ibm.com/support/pages/node/7262271\", \"tags\": [\"vendor-advisory\", \"patch\"]}], \"x_generator\": {\"engine\": \"ibm-cvegen\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"IBM App Connect Operator versions CD 11.3.0 through 11.6.0 and 12.1.0 through 12.20.0, LTS versions 12.0.0 through 12.0.20, and IBM App Connect Enterprise Certified Containers Operands versions CD 12.0.11.2\\u2011r1 through 12.0.12.5\\u2011r1 and 13.0.1.0\\u2011r1 through 13.0.6.1\\u2011r1, and LTS versions 12.0.12\\u2011r1 through 12.0.12\\u2011r20, contain a vulnerability in which the IBM App Connect Enterprise Certified Container transmits data in clear text, potentially allowing an attacker to intercept and obtain sensitive information through man\\u2011in\\u2011the\\u2011middle techniques.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eIBM App Connect Operator versions CD 11.3.0 through 11.6.0 and 12.1.0 through 12.20.0, LTS versions 12.0.0 through 12.0.20, and IBM App Connect Enterprise Certified Containers Operands versions CD 12.0.11.2\\u2011r1 through 12.0.12.5\\u2011r1 and 13.0.1.0\\u2011r1 through 13.0.6.1\\u2011r1, and LTS versions 12.0.12\\u2011r1 through 12.0.12\\u2011r20, contain a vulnerability in which the IBM App Connect Enterprise Certified Container transmits data in clear text, potentially allowing an attacker to intercept and obtain sensitive information through man\\u2011in\\u2011the\\u2011middle techniques.\u003c/p\u003e\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"shortName\": \"ibm\", \"dateUpdated\": \"2026-03-03T20:00:25.401Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-13490\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-04T21:16:34.932Z\", \"dateReserved\": \"2025-11-20T20:33:14.629Z\", \"assignerOrgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"datePublished\": \"2026-03-03T19:58:18.375Z\", \"assignerShortName\": \"ibm\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.