IBM App Connect Enterprise / Integration Bus SQLi in v12-13 (13.0.7.2)
CVE-2026-3602 Published on June 30, 2026
IBM App Connect Enterprise and IBM Integration Bus for z/OS toolkit is vulnerable to SQL injection
IBM App Connect Enterprise 13.0.1.0 through 13.0.7.2 and 12.0.1.0 through 12.0.12.26, and IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.7, are vulnerable to SQL injection. A remote attacker could socially engineer a user into accidentally creating files they may not be aware of.
Vulnerability Analysis
CVE-2026-3602 is exploitable with local system access and requires user interaction. This vulnerability is considered to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be no impact on confidentiality, a high impact on integrity, and no impact on availability.
Weakness Type
External Control of File Name or Path
The software allows user input to control or influence paths or file names that are used in filesystem operations.
Products Associated with CVE-2026-3602
Affected Versions
IBM App Connect Enterprise:
- Version 13.0.1.0, <= 13.0.7.2 is affected.
- Version 12.0.1.0, <= 12.0.12.26 is affected.
- Version 10.1.0.0, <= 10.1.0.7 is affected.