
CVE-2026-3602

MEDIUM
4.7
CVSS 3.1
Description
IBM App Connect Enterprise 13.0.1.0 through 13.0.7.2 and 12.0.1.0 through 12.0.12.26, and IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.7, are vulnerable to SQL injection. A remote attacker could socially engineer a user into accidentally creating files they may not be aware of.

Metadata

CVE ID
CVE-2026-3602
State
PUBLISHED
Assigner
ibm
Reserved
2026-03-05 14:48 UTC
Published
2026-06-30 19:19 UTC
Last updated
2026-06-30 19:31 UTC
Primary CWE
CWE-73
CWE-73 External Control of File Name or Path
Vendor / Product
IBM / App Connect Enterprise
Sources
cve.org  ·  NVD

Severity & Metrics

4.7 MEDIUM CVSS 3.1
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
SSVC — CISA Coordinator
Exploitation
none
Automatable
no
Tech. Impact
partial
Affected products (2)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| IBM | App Connect Enterprise | | 13.0.1.0 ≤ 13.0.7.2, 12.0.1.0 ≤ 12.0.12.26 |
| IBM | Integration Bus for z/OS | | 10.1.0.0 ≤ 10.1.0.7 |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| CWE-73 | cna | CWE-73 External Control of File Name or Path |
CVSS scores (1)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 4.7 | MEDIUM | 3.1 | cna | CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N |