SQL Injection Vulnerability in IBM App Connect Enterprise and IBM Integration Bus
CVE-2026-3602

4.7 MEDIUM

Key Information:

Vendor: IBM

CVE Published: 30 June 2026

What is CVE-2026-3602?

IBM App Connect Enterprise and IBM Integration Bus contain a SQL injection vulnerability. An attacker could socially engineer users into creating unintended files, which could lead to unauthorized access or data manipulation. Organizations using the affected versions should consider immediate steps to mitigate this risk through timely patches and user training to avoid exploitation.

Affected Version(s)

App Connect Enterprise 13.0.1.0 <= 13.0.7.2

App Connect Enterprise 12.0.1.0 <= 12.0.12.26

Integration Bus for z/OS 10.1.0.0 <= 10.1.0.7

CVSS V3.1

Score: 4.7
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
