CVE-2026-3602

MEDIUM

IBM App Connect Enterprise and IBM Integration Bus for z/OS toolkit is vulnerable to an sql injection

Title source: cna
STIX 2.1

Description

IBM App Connect Enterprise 13.0.1.0 through 13.0.7.2, and 12.0.1.0 through 12.0.12.26 and IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.7 is vulnerable to SQL injection. A remote attacker could socially engineer a user into accidentally creating files they may not be aware of.

References (1)

Core 1
Core References
Vendor Advisory vendor-advisory patch
https://www.ibm.com/support/pages/node/7278350

Scores

CVSS v3 4.7
EPSS 0.0018
EPSS Percentile 8.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-73 CWE-89
Status published
Products (5)
IBM/App Connect Enterprise 12.0.1.0 - 12.0.12.26
IBM/App Connect Enterprise 13.0.1.0 - 13.0.7.2
ibm/app_connect_enterprise 12.0.1.0 - 12.0.12.27
IBM/Integration Bus for z/OS 10.1.0.0 - 10.1.0.7
ibm/integration_bus 10.1.0.0 - 10.1.0.7
Published Jun 30, 2026
Tracked Since Jul 01, 2026