IBM App Connect Enterprise / Integration Bus SQLi in v12-13 (13.0.7.2)
CVE-2026-3602 Published on June 30, 2026

IBM App Connect Enterprise and IBM Integration Bus for z/OS toolkit is vulnerable to SQL injection
IBM App Connect Enterprise 13.0.1.0 through 13.0.7.2 and 12.0.1.0 through 12.0.12.26, and IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.7, are vulnerable to SQL injection. A remote attacker could socially engineer a user into accidentally creating files they may not be aware of.

Vulnerability Analysis

CVE-2026-3602 is exploitable with local system access and requires user interaction. This vulnerability is considered to have a high level of attack complexity. An exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.

Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE

Weakness Type

External Control of File Name or Path

The software allows user input to control or influence paths or file names that are used in filesystem operations.


Products Associated with CVE-2026-3602

Affected Versions

IBM App Connect Enterprise: IBM Integration Bus for z/OS: