CVE-2026-3602
MediumCVSS 4.7Exploitation Probability (EPSS)
Low risk8th percentile — higher than 8% of all known CVEs
Summary
IBM App Connect Enterprise versions 13.0.1.0 through 13.0.7.2 and 12.0.1.0 through 12.0.12.26, as well as IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.7, are vulnerable to SQL injection. A remote attacker could socially engineer a user into accidentally creating files they may not be aware of.
Risk Assessment
The risk involves potential unauthorized database access and data manipulation, which could lead to information disclosure or system integrity compromise.
Recommendation
It is recommended to immediately upgrade to the latest available version of IBM App Connect Enterprise or IBM Integration Bus for z/OS that addresses this vulnerability.
Original NVD description (English source)
IBM App Connect Enterprise 13.0.1.0 through 13.0.7.2, and 12.0.1.0 through 12.0.12.26 and IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.7 is vulnerable to SQL injection. A remote attacker could socially engineer a user into accidentally creating files they may not be aware of.

