CVE-2026-3602
Received
Received - Intake
SQL Injection in IBM App Connect Enterprise
Publication date: 2026-06-30
Last updated on: 2026-06-30
Assigner: IBM Corporation
Description
IBM App Connect Enterprise 13.0.1.0 through 13.0.7.2 and 12.0.1.0 through 12.0.12.26, and IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.7, are vulnerable to SQL injection. A remote attacker could socially engineer a user into accidentally creating files they may not be aware of.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | integration_bus_for_z_os | From 10.1.0.0 (inc) to 10.1.0.7 (inc) |
| ibm | app_connect_enterprise | From 13.0.1.0 (inc) to 13.0.7.2 (inc) |
| ibm | app_connect_enterprise | From 12.0.1.0 (inc) to 12.0.12.26 (inc) |
| ibm | integration_bus_for_zos | From 10.1.0.0 (inc) to 10.1.0.7 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-73 | The product allows user input to control or influence paths or file names that are used in filesystem operations. |