CVE Catalog

CVE-2026-3602

MediumCVSS 4.7
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.18%

8th percentile — higher than 8% of all known CVEs

Summary

IBM App Connect Enterprise versions 13.0.1.0 through 13.0.7.2 and 12.0.1.0 through 12.0.12.26, as well as IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.7, are vulnerable to SQL injection. A remote attacker could socially engineer a user into accidentally creating files they may not be aware of.

Risk Assessment

The risk involves potential unauthorized database access and data manipulation, which could lead to information disclosure or system integrity compromise.

Recommendation

It is recommended to immediately upgrade to the latest available version of IBM App Connect Enterprise or IBM Integration Bus for z/OS that addresses this vulnerability.

Original NVD description (English source)

IBM App Connect Enterprise 13.0.1.0 through 13.0.7.2, and 12.0.1.0 through 12.0.12.26 and IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.7 is vulnerable to SQL injection. A remote attacker could socially engineer a user into accidentally creating files they may not be aware of.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS