IBM App Connect Enterprise Certified Containers
cpe:2.3:a:ibm:app_connect_enterprise_certified_container:*:*:*:*:*:*:*
- >= 11.3.0, <= 11.6.0
- >= 12.1.0, <= 12.20.0
- >= 12.0.0, <= 12.0.20
A vulnerability exists in multiple versions of IBM App Connect Operator and IBM App Connect Enterprise Certified Containers Operands, where data is transmitted in clear text. This flaw could enable an attacker to intercept and access sensitive information using man-in-the-middle techniques. The issue arises when the App Connect Enterprise Certified Container IntegrationRuntime or IntegrationServer is configured to report metrics to a Prometheus instance within the OpenShift cluster, as these metrics are sent over an unencrypted channel.
Exploitation of this vulnerability could lead to unauthorized interception of, and access to, sensitive information transmitted from the App Connect Enterprise components to the Prometheus instance.
Users are advised to upgrade to IBM App Connect Enterprise Certified Container Operator version 12.21.0 or higher for Continuous Delivery versions, and version 12.0.21 or higher for Long Term Support versions. Ensure that all DesignerAuthoring, IntegrationServer, and IntegrationRuntime components are at the recommended versions. Documentation on the upgrade process is available on the IBM App Connect support pages.
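To triage a fleet against the ranges above, the following added example (not IBM's code, and not part of the original advisory) classifies operator versions using only the affected ranges and fixed releases listed on this page. The inventory format and cluster names are constructed for illustration, and the page does not state which fixed release applies to the 11.x range.

```python
import re

# Affected ranges (inclusive) from this page, with the fixed operator version
# the page gives for that stream. None: the page does not state one for 11.x.
AFFECTED = [
    ((11, 3, 0), (11, 6, 0), None),
    ((12, 0, 0), (12, 0, 20), "12.0.21"),   # Long Term Support
    ((12, 1, 0), (12, 20, 0), "12.21.0"),   # Continuous Delivery
]

def parse_version(text):
    """Turn '12.0.20', 'v12.0.20' or '12.0.20-r1' into (12, 0, 20)."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) for p in m.groups())

def triage(version):
    """Return (affected, fixed_version_or_None) for one operator version."""
    v = parse_version(version)
    for low, high, fix in AFFECTED:
        if low <= v <= high:
            return True, fix
    return False, None

def triage_inventory(lines):
    """Each line: '<cluster> <operator version>'. Returns affected rows only."""
    findings = []
    for line in lines:
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        cluster, version = line.split()
        affected, fix = triage(version)
        if affected:
            findings.append((cluster, version, fix or "not stated on page"))
    return findings

# Constructed sample inventory (cluster names are hypothetical).
SAMPLE = """\
prod-east  12.0.20
prod-west  12.0.21
dev        12.14.0
legacy     11.5.1
lab        12.21.0
""".splitlines()

if __name__ == "__main__":
    for cluster, version, fix in triage_inventory(SAMPLE):
        print(f"{cluster}: {version} is affected; fixed release: {fix}")
```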