5.9
CVE-2025-13490 · PATCHED
ibm · app_connect_enterprise_certified_containers_operands

Description

IBM App Connect Operator versions CD 11.3.0 through 11.6.0 and 12.1.0 through 12.20.0, LTS versions 12.0.0 through 12.0.20, and IBM App Connect Enterprise Certified Containers Operands versions CD 12.0.11.2‑r1 through 12.0.12.5‑r1 and 13.0.1.0‑r1 through 13.0.6.1‑r1, and LTS versions 12.0.12‑r1 through 12.0.12‑r20, contain a vulnerability in which the IBM App Connect Enterprise Certified Container transmits data in clear text, potentially allowing an attacker to intercept and obtain sensitive information through man‑in‑the‑middle techniques.

Affected Products

Vendor | Product | Versions
ibm | app_connect_enterprise_certified_containers_operands | <= 11.6.0, <= 12.0.20, <= 12.20.1

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor | Product | Source | Confidence
ibm | app connect enterprise | cert_advisory | 90%

References

  • https://www.ibm.com/support/pages/node/7262271 (Vendor Advisory)

Related News (2 articles)

Tier B
BSI Advisories · 2d ago
[NEW] [medium] IBM App Connect Enterprise: Multiple vulnerabilities allow denial of service
→ No new info (linked only)
Tier B
BSI Advisories · 5d ago
[NEW] [high] IBM App Connect Enterprise: Multiple vulnerabilities
→ No new info (linked only)
CVSS 3.1: 5.9 MEDIUM
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA KEV: ❌ No
Actively exploited: ❌ No
Patch available: 11.6.0, 12.0.20, 12.20.1
CWE: CWE-319
Published: Mar 3, 2026
Last enriched: 5d ago
Tags: multiple-vulnerabilities, arbitrary-code-execution, denial-of-service, cross-site-scripting, file-manipulation
Trending Score: 1
Source articles: 2
Independent: 1
Info Completeness: 8/14
Missing: epss, kev, exploit, patch, iocs, mitre_attack

Related CVEs (5)

HIGH · PRE-CVE
Multiple Vulnerabilities in IBM Security Verify Access Allowing Privilege Escalation, Code Execution, and Data Exposure
Trending: 27
HIGH · CVE-2025-13855
IBM Storage Protect Server is affected by a vulnerability that could allow authenticated users to access administrative metadata through the JSON-RPC endpoint.
Trending: 26
NONE · CVE-2026-29063
Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1.5, Prototype Pollution is possible in immutable via the mergeDeep(), mergeDeepWith(), merge(),
Trending: 18
HIGH · CVE-2025-36258
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 product stores user credentials and other sensitive information in plain text which can be read by a local user.
Trending: 13
MEDIUM · CVE-2025-14807
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct
Trending: 10

Verification

State: verified
Confidence: 100%

Vulnerability Timeline

CVE Published: Mar 3, 2026
Patch Available: Mar 4, 2026
Discovered by ZDM: Mar 26, 2026