CVE-2026-3602
MEDIUMIBM App Connect Enterprise and IBM Integration Bus for z/OS toolkit is vulnerable to an sql injection
Title source: cnaDescription
IBM App Connect Enterprise 13.0.1.0 through 13.0.7.2, and 12.0.1.0 through 12.0.12.26 and IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.7 is vulnerable to SQL injection. A remote attacker could socially engineer a user into accidentally creating files they may not be aware of.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
patch
https://www.ibm.com/support/pages/node/7278350
Scores
CVSS v3
4.7
EPSS
0.0018
EPSS Percentile
8.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-73
CWE-89
Status
published
Products (5)
IBM/App Connect Enterprise
12.0.1.0 - 12.0.12.26
IBM/App Connect Enterprise
13.0.1.0 - 13.0.7.2
ibm/app_connect_enterprise
12.0.1.0 - 12.0.12.27
IBM/Integration Bus for z/OS
10.1.0.0 - 10.1.0.7
ibm/integration_bus
10.1.0.0 - 10.1.0.7
Published
Jun 30, 2026
Tracked Since
Jul 01, 2026