IBM App Connect Operator: Sensitive Data Sent in Plain Text

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

5.9

IBM App Connect Operator: Sensitive Data Sent in Plain Text

CVE-2025-13490

Summary

IBM's App Connect Operator, used to manage business connections, sends sensitive information without encryption, making it possible for unauthorized parties to intercept and access this data. This is a significant security risk, as sensitive information can be compromised. Update to the latest version of App Connect Operator to prevent this vulnerability.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
ibm	app_connect_enterprise_certified_containers_operands	12.0.11.2	–
ibm	app_connect_enterprise_certified_containers_operands	12.0.11.3	–
ibm	app_connect_enterprise_certified_containers_operands	12.0.12	–
ibm	app_connect_enterprise_certified_containers_operands	12.0.12	–
ibm	app_connect_enterprise_certified_containers_operands	12.0.12	–
ibm	app_connect_enterprise_certified_containers_operands	12.0.12	–
ibm	app_connect_enterprise_certified_containers_operands	12.0.12	–
ibm	app_connect_enterprise_certified_containers_operands	12.0.12	–
ibm	app_connect_enterprise_certified_containers_operands	12.0.12	–
ibm	app_connect_enterprise_certified_containers_operands	12.0.12	–
ibm	app_connect_enterprise_certified_containers_operands	12.0.12	–
ibm	app_connect_enterprise_certified_containers_operands	12.0.12	–
ibm	app_connect_enterprise_certified_containers_operands	12.0.12	–
ibm	app_connect_enterprise_certified_containers_operands	12.0.12	–
ibm	app_connect_enterprise_certified_containers_operands	12.0.12	–
ibm	app_connect_enterprise_certified_containers_operands	12.0.12	–
ibm	app_connect_enterprise_certified_containers_operands	12.0.12	–
ibm	app_connect_enterprise_certified_containers_operands	12.0.12	–
ibm	app_connect_enterprise_certified_containers_operands	12.0.12	–
ibm	app_connect_enterprise_certified_containers_operands	12.0.12	–
ibm	app_connect_enterprise_certified_containers_operands	12.0.12	–
ibm	app_connect_enterprise_certified_containers_operands	12.0.12	–
ibm	app_connect_enterprise_certified_containers_operands	12.0.12.0	–
ibm	app_connect_enterprise_certified_containers_operands	12.0.12.0	–
ibm	app_connect_enterprise_certified_containers_operands	12.0.12.2	–
ibm	app_connect_enterprise_certified_containers_operands	12.0.12.3	–
ibm	app_connect_enterprise_certified_containers_operands	12.0.12.4	–
ibm	app_connect_enterprise_certified_containers_operands	12.0.12.5	–
ibm	app_connect_enterprise_certified_containers_operands	13.0.1.0	–
ibm	app_connect_enterprise_certified_containers_operands	13.0.1.0	–
ibm	app_connect_enterprise_certified_containers_operands	13.0.1.1	–
ibm	app_connect_enterprise_certified_containers_operands	13.0.2.0	–
ibm	app_connect_enterprise_certified_containers_operands	13.0.2.1	–
ibm	app_connect_enterprise_certified_containers_operands	13.0.2.2	–
ibm	app_connect_enterprise_certified_containers_operands	13.0.2.2	–
ibm	app_connect_enterprise_certified_containers_operands	13.0.3.0	–
ibm	app_connect_enterprise_certified_containers_operands	13.0.3.1	–
ibm	app_connect_enterprise_certified_containers_operands	13.0.4.0	–
ibm	app_connect_enterprise_certified_containers_operands	13.0.4.1	–
ibm	app_connect_enterprise_certified_containers_operands	13.0.4.2	–
ibm	app_connect_enterprise_certified_containers_operands	13.0.5.0	–
ibm	app_connect_enterprise_certified_containers_operands	13.0.5.1	–
ibm	app_connect_enterprise_certified_containers_operands	13.0.5.2	–
ibm	app_connect_enterprise_certified_containers_operands	13.0.6.0	–
ibm	app_connect_enterprise_certified_containers_operands	13.0.6.1	–
ibm	app_connect_operator	> 11.3.0 , <= 11.6.0	–
ibm	app_connect_operator	> 12.0.0 , <= 12.0.20	–
ibm	app_connect_operator	> 12.1.0 , <= 12.20.1	–

Original title

Original description

IBM App Connect Operator versions CD 11.3.0 through 11.6.0 and 12.1.0 through 12.20.0, LTS versions 12.0.0 through 12.0.20, and IBM App Connect Enterprise Certified Containers Operands versions CD 12.0.11.2‑r1 through 12.0.12.5‑r1 and 13.0.1.0‑r1 through 13.0.6.1‑r1, and LTS versions 12.0.12‑r1 through 12.0.12‑r20, contain a vulnerability in which the IBM App Connect Enterprise Certified Container transmits data in clear text, potentially allowing an attacker to intercept and obtain sensitive information through man‑in‑the‑middle techniques.

nvd CVSS3.1 5.9

Vulnerability type

CWE-319 Cleartext Transmission of Sensitive Information

https://www.ibm.com/support/pages/node/7262271 Vendor Advisory

Published: 3 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026