
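2 vulnerabilities found for App Connect Operator by IBM (both entries below are the same record, CVE-2025-13491, shown once from cvelistv5 and once from nvd)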

CVE-2025-13491 (GCVE-0-2025-13491)

Vulnerability from cvelistv5 – Published: 2026-02-05 13:55 – Updated: 2026-02-05 14:46
Title
IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to loss of confidentiality []
Summary
IBM App Connect Enterprise Certified Container up to 12.19.0 (Continuous Delivery) and 12.0 LTS (Long Term Support) could allow an attacker to access sensitive files or modify configurations due to an untrusted search path.
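CWE
CWE-426 Untrusted Search Path
Assigner
ibm
References
https://www.ibm.com/support/pages/node/7259746 (vendor-advisory, patch)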
Impacted products
Vendor Product Version
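Vendor: IBM
Product: App Connect Operator
Affected: CD:11.2.0 , ≤ 11.6.0, 12.1.0 - 12.19.012.0 (semver)
Affected: LTS:12.0.0 - 12.0.19
    cpe:2.3:a:ibm:app_connect_operator:cd:11.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:app_connect_operator:11.6.0:*:*:*:*:*:*:*
Note: the version strings above are reproduced as published in the CNA record. The "≤" value is free text rather than a single semver bound ("12.19.012.0" looks like two values run together), and the CPE entries are derived from the same fields, so automated range or CPE matching may not flag affected installs. The summary gives the Continuous Delivery bound as "up to 12.19.0", and the record's solution lists Operator 12.20.0 (CD) and 12.0.20 (LTS) as the fixed versions; check installed versions against those and the vendor advisory.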
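Vendor: IBM
Product: App Connect EnterpriseCertified Containers Operands
Affected: CD:12.0.11.1 , ≤ r1 - 12.0.12.5-r1, 13.0.1.0-r1 - 13.0.6.0-r112.0 (semver)
Affected: LTS:12.0.12-r1 - 12.0.12-r19
    cpe:2.3:a:ibm:app_connect_enterprisecertified_containers_operands:cd:12.0.11.1:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:app_connect_enterprisecertified_containers_operands:r1:*:*:*:*:*:*:*
Note: the version strings above are reproduced as published in the CNA record. The "≤" value is free text rather than a single semver bound, and the second CPE carries "r1" in its version field, so automated range or CPE matching may not flag affected operands. The record's solution lists DesignerAuthoring 13.0.6.1-r1 (CD) and 12.0.12-r20 (LTS) as the fixed levels; check deployed operand versions against those and the vendor advisory.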

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-13491",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-05T14:46:00.445395Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-05T14:46:23.152Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:app_connect_operator:cd:11.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_operator:11.6.0:*:*:*:*:*:*:*"
          ],
          "product": "App Connect Operator",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "11.6.0, 12.1.0 - 12.19.012.0",
              "status": "affected",
              "version": "CD:11.2.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "LTS:12.0.0 - 12.0.19"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:ibm:app_connect_enterprisecertified_containers_operands:cd:12.0.11.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprisecertified_containers_operands:r1:*:*:*:*:*:*:*"
          ],
          "product": "App Connect EnterpriseCertified Containers Operands",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "r1 - 12.0.12.5-r1, 13.0.1.0-r1 - 13.0.6.0-r112.0",
              "status": "affected",
              "version": "CD:12.0.11.1",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "LTS:12.0.12-r1 - 12.0.12-r19"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cb\u003e\u0026nbsp; \u003c/b\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM App Connect Enterprise Certified Container\u0026nbsp;up to 12.19.0 (Continuous Delivery) and\u0026nbsp;\u003cstrong\u003e12.0 LTS (Long Term Support)\u003c/strong\u003e could allow an attacker to access sensitive files or modify configurations due to an untrusted search path.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "IBM App Connect Enterprise Certified Container\u00a0up to 12.19.0 (Continuous Delivery) and\u00a012.0 LTS (Long Term Support) could allow an attacker to access sensitive files or modify configurations due to an untrusted search path."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-426",
              "description": "CWE-426 Untrusted Search Path",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-05T13:55:21.838Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7259746"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM strongly suggests the following:\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eApp Connect Enterprise Certified Container up to 12.19.0 (Continuous Delivery)\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eUpgrade to App Connect Enterprise Certified Container Operator version 12.20.0 or higher, and ensure that all DesignerAuthoring components are at 13.0.6.1-r1 or higher. \u0026nbsp;Documentation on the upgrade process is available at \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/docs/en/app-connect/13.0?topic=releases-upgrading-operator\"\u003ehttps://www.ibm.com/docs/en/app-connect/13.0?topic=releases-upgrading-operator\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\u003cstrong\u003eApp Connect Enterprise Certified Container 12.0 LTS (Long Term Support)\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eUpgrade to App Connect Enterprise Certified Container Operator version 12.0.20 or higher, and ensure that all DesignerAuthoring components are at 12.0.12-r20 or higher. \u0026nbsp;Documentation on the upgrade process is available at \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/docs/en/app-connect/12.0?topic=umfpr-upgrading-operator-releases\"\u003ehttps://www.ibm.com/docs/en/app-connect/12.0?topic=umfpr-upgrading-operator-releases\u003c/a\u003e\u003c/p\u003e\u003cbr\u003e"
            }
          ],
          "value": "IBM strongly suggests the following:\n\nApp Connect Enterprise Certified Container up to 12.19.0 (Continuous Delivery)\n\nUpgrade to App Connect Enterprise Certified Container Operator version 12.20.0 or higher, and ensure that all DesignerAuthoring components are at 13.0.6.1-r1 or higher. \u00a0Documentation on the upgrade process is available at  https://www.ibm.com/docs/en/app-connect/13.0?topic=releases-upgrading-operator \n\n\nApp Connect Enterprise Certified Container 12.0 LTS (Long Term Support)\n\nUpgrade to App Connect Enterprise Certified Container Operator version 12.0.20 or higher, and ensure that all DesignerAuthoring components are at 12.0.12-r20 or higher. \u00a0Documentation on the upgrade process is available at  https://www.ibm.com/docs/en/app-connect/12.0?topic=umfpr-upgrading-operator-releases"
        }
      ],
      "title": "IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to loss of confidentiality []",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\u003c/p\u003e\u003cdiv\u003e\u003cp\u003eDisable mapping assistance in the DesignerAuthoring component\u003c/p\u003e\u003c/div\u003e\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
            }
          ],
          "value": "Disable mapping assistance in the DesignerAuthoring component"
        }
      ],
      "x_generator": {
        "engine": "ibm-cvegen"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2025-13491",
    "datePublished": "2026-02-05T13:55:21.838Z",
    "dateReserved": "2025-11-20T21:11:07.402Z",
    "dateUpdated": "2026-02-05T14:46:23.152Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-13491 (GCVE-0-2025-13491)

Vulnerability from nvd – Published: 2026-02-05 13:55 – Updated: 2026-02-05 14:46
Title
IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to loss of confidentiality []
Summary
IBM App Connect Enterprise Certified Container up to 12.19.0 (Continuous Delivery) and 12.0 LTS (Long Term Support) could allow an attacker to access sensitive files or modify configurations due to an untrusted search path.
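CWE
CWE-426 Untrusted Search Path
Assigner
ibm
References
https://www.ibm.com/support/pages/node/7259746 (vendor-advisory, patch)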
Impacted products
Vendor Product Version
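Vendor: IBM
Product: App Connect Operator
Affected: CD:11.2.0 , ≤ 11.6.0, 12.1.0 - 12.19.012.0 (semver)
Affected: LTS:12.0.0 - 12.0.19
    cpe:2.3:a:ibm:app_connect_operator:cd:11.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:app_connect_operator:11.6.0:*:*:*:*:*:*:*
Note: the version strings above are reproduced as published in the CNA record. The "≤" value is free text rather than a single semver bound ("12.19.012.0" looks like two values run together), and the CPE entries are derived from the same fields, so automated range or CPE matching may not flag affected installs. The summary gives the Continuous Delivery bound as "up to 12.19.0", and the record's solution lists Operator 12.20.0 (CD) and 12.0.20 (LTS) as the fixed versions; check installed versions against those and the vendor advisory.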
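Vendor: IBM
Product: App Connect EnterpriseCertified Containers Operands
Affected: CD:12.0.11.1 , ≤ r1 - 12.0.12.5-r1, 13.0.1.0-r1 - 13.0.6.0-r112.0 (semver)
Affected: LTS:12.0.12-r1 - 12.0.12-r19
    cpe:2.3:a:ibm:app_connect_enterprisecertified_containers_operands:cd:12.0.11.1:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:app_connect_enterprisecertified_containers_operands:r1:*:*:*:*:*:*:*
Note: the version strings above are reproduced as published in the CNA record. The "≤" value is free text rather than a single semver bound, and the second CPE carries "r1" in its version field, so automated range or CPE matching may not flag affected operands. The record's solution lists DesignerAuthoring 13.0.6.1-r1 (CD) and 12.0.12-r20 (LTS) as the fixed levels; check deployed operand versions against those and the vendor advisory.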

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-13491",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-05T14:46:00.445395Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-05T14:46:23.152Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:app_connect_operator:cd:11.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_operator:11.6.0:*:*:*:*:*:*:*"
          ],
          "product": "App Connect Operator",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "11.6.0, 12.1.0 - 12.19.012.0",
              "status": "affected",
              "version": "CD:11.2.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "LTS:12.0.0 - 12.0.19"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:ibm:app_connect_enterprisecertified_containers_operands:cd:12.0.11.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprisecertified_containers_operands:r1:*:*:*:*:*:*:*"
          ],
          "product": "App Connect EnterpriseCertified Containers Operands",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "r1 - 12.0.12.5-r1, 13.0.1.0-r1 - 13.0.6.0-r112.0",
              "status": "affected",
              "version": "CD:12.0.11.1",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "LTS:12.0.12-r1 - 12.0.12-r19"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cb\u003e\u0026nbsp; \u003c/b\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM App Connect Enterprise Certified Container\u0026nbsp;up to 12.19.0 (Continuous Delivery) and\u0026nbsp;\u003cstrong\u003e12.0 LTS (Long Term Support)\u003c/strong\u003e could allow an attacker to access sensitive files or modify configurations due to an untrusted search path.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "IBM App Connect Enterprise Certified Container\u00a0up to 12.19.0 (Continuous Delivery) and\u00a012.0 LTS (Long Term Support) could allow an attacker to access sensitive files or modify configurations due to an untrusted search path."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-426",
              "description": "CWE-426 Untrusted Search Path",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-05T13:55:21.838Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7259746"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM strongly suggests the following:\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eApp Connect Enterprise Certified Container up to 12.19.0 (Continuous Delivery)\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eUpgrade to App Connect Enterprise Certified Container Operator version 12.20.0 or higher, and ensure that all DesignerAuthoring components are at 13.0.6.1-r1 or higher. \u0026nbsp;Documentation on the upgrade process is available at \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/docs/en/app-connect/13.0?topic=releases-upgrading-operator\"\u003ehttps://www.ibm.com/docs/en/app-connect/13.0?topic=releases-upgrading-operator\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\u003cstrong\u003eApp Connect Enterprise Certified Container 12.0 LTS (Long Term Support)\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eUpgrade to App Connect Enterprise Certified Container Operator version 12.0.20 or higher, and ensure that all DesignerAuthoring components are at 12.0.12-r20 or higher. \u0026nbsp;Documentation on the upgrade process is available at \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/docs/en/app-connect/12.0?topic=umfpr-upgrading-operator-releases\"\u003ehttps://www.ibm.com/docs/en/app-connect/12.0?topic=umfpr-upgrading-operator-releases\u003c/a\u003e\u003c/p\u003e\u003cbr\u003e"
            }
          ],
          "value": "IBM strongly suggests the following:\n\nApp Connect Enterprise Certified Container up to 12.19.0 (Continuous Delivery)\n\nUpgrade to App Connect Enterprise Certified Container Operator version 12.20.0 or higher, and ensure that all DesignerAuthoring components are at 13.0.6.1-r1 or higher. \u00a0Documentation on the upgrade process is available at  https://www.ibm.com/docs/en/app-connect/13.0?topic=releases-upgrading-operator \n\n\nApp Connect Enterprise Certified Container 12.0 LTS (Long Term Support)\n\nUpgrade to App Connect Enterprise Certified Container Operator version 12.0.20 or higher, and ensure that all DesignerAuthoring components are at 12.0.12-r20 or higher. \u00a0Documentation on the upgrade process is available at  https://www.ibm.com/docs/en/app-connect/12.0?topic=umfpr-upgrading-operator-releases"
        }
      ],
      "title": "IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to loss of confidentiality []",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\u003c/p\u003e\u003cdiv\u003e\u003cp\u003eDisable mapping assistance in the DesignerAuthoring component\u003c/p\u003e\u003c/div\u003e\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
            }
          ],
          "value": "Disable mapping assistance in the DesignerAuthoring component"
        }
      ],
      "x_generator": {
        "engine": "ibm-cvegen"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2025-13491",
    "datePublished": "2026-02-05T13:55:21.838Z",
    "dateReserved": "2025-11-20T21:11:07.402Z",
    "dateUpdated": "2026-02-05T14:46:23.152Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}