IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use...

5.1 / 10

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Description

IBM App Connect Enterprise Certified Container up to 12.19.0 (Continuous Delivery) and 12.0 LTS (Long Term Support) could allow an attacker to access sensitive files or modify configurations due to an untrusted search path.

Basic Information

ID CVE-2025-13491

Source ibm

Published Feb 5, 2026 at 13:55

Affected Product

Vendor IBM

Product App Connect Operator

Version CD:11.2.0

Affected Versions IBM App Connect Operator CD:11.2.0
IBM App Connect Operator LTS:12.0.0 - 12.0.19
IBM App Connect EnterpriseCertified Containers Operands CD:12.0.11.1
IBM App Connect EnterpriseCertified Containers Operands LTS:12.0.12-r1 - 12.0.12-r19

CWE Classification

CWE-426

References

www.ibm.com /support/pages/node/7259746

{
    "lastseen": "",
    "description": "IBM App Connect Enterprise Certified Container\u00a0up to 12.19.0 (Continuous Delivery) and\u00a012.0 LTS (Long Term Support) could allow an attacker to access sensitive files or modify configurations due to an untrusted search path.",
    "published": "2026-02-05T13:55:21.838Z",
    "modified": "2026-02-05T13:55:21.838Z",
    "type": "cve",
    "title": "IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to loss of confidentiality []",
    "source": "ibm",
    "references": "https://www.ibm.com/support/pages/node/7259746",
    "id": "CVE-2025-13491",
    "bulletinFamily": "",
    "cwe": [
        "CWE-426"
    ],
    "cvelist": null,
    "sourceData": "IBM App Connect Operator CD:11.2.0\nIBM App Connect Operator LTS:12.0.0 - 12.0.19\nIBM App Connect EnterpriseCertified Containers Operands CD:12.0.11.1\nIBM App Connect EnterpriseCertified Containers Operands LTS:12.0.12-r1 - 12.0.12-r19",
    "sourceHref": "",
    "cvss": {
        "score": 5.1,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "App Connect Operator",
    "version": "CD:11.2.0",
    "vendor": "IBM",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to loss of confidentiality []_CVE-2025-13491