{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-3602","assignerOrgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","state":"PUBLISHED","assignerShortName":"ibm","dateReserved":"2026-03-05T14:48:57.881Z","datePublished":"2026-06-30T19:19:47.135Z","dateUpdated":"2026-06-30T19:31:02.140Z"},"containers":{"cna":{"providerMetadata":{"orgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","shortName":"ibm","dateUpdated":"2026-06-30T19:19:47.135Z"},"title":"IBM App Connect Enterprise and IBM Integration Bus for z/OS toolkit is vulnerable to an sql injection","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-73","description":"CWE-73 External Control of File Name or Path","type":"CWE"}]}],"affected":[{"vendor":"IBM","product":"App Connect Enterprise","versions":[{"status":"affected","version":"13.0.1.0","lessThanOrEqual":"13.0.7.2","versionType":"semver"},{"status":"affected","version":"12.0.1.0","lessThanOrEqual":"12.0.12.26","versionType":"semver"}],"cpes":["cpe:2.3:a:ibm:app_connect_enterprise:13.0.1.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:app_connect_enterprise:13.0.7.2:*:*:*:*:*:*:*","cpe:2.3:a:ibm:app_connect_enterprise:12.0.1.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:app_connect_enterprise:12.0.12.26:*:*:*:*:*:*:*"]},{"vendor":"IBM","product":"Integration Bus for z/OS","versions":[{"status":"affected","version":"10.1.0.0","lessThanOrEqual":"10.1.0.7","versionType":"semver"}],"cpes":["cpe:2.3:a:ibm:integration_bus_for_zos:10.1.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:integration_bus_for_zos:10.1.0.7:*:*:*:*:*:*:*"]}],"descriptions":[{"lang":"en","value":"IBM App Connect Enterprise 13.0.1.0 through 13.0.7.2, and 12.0.1.0 through 12.0.12.26 and IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.7 is vulnerable to SQL injection. A remote attacker could socially engineer a user into accidentally creating files they may not be aware of.","supportingMedia":[{"type":"text/html","base64":false,"value":"<p>IBM App Connect Enterprise 13.0.1.0 through 13.0.7.2, and 12.0.1.0 through 12.0.12.26 and IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.7 is vulnerable to SQL injection. A remote attacker could socially engineer a user into accidentally creating files they may not be aware of.</p>"}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7278350","tags":["vendor-advisory","patch"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"version":"3.1","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE","baseSeverity":"MEDIUM","baseScore":4.7,"vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"}}],"solutions":[{"lang":"en","value":"IBM strongly recommends addressing the vulnerability/vulnerabilities now by applying the appropriate fix to IBM App Connect Enterprise and IBM Integration Bus for z/OS Affected Product(s)Version(s)APARRemediation / FixesIBM App Connect Enterprise13.0.1.0 - 13.0.7.2PH71150The APAR (PH71150) is available fromIBM App Connect Enterprise v13- Fix Pack Release 13.0.8.0IBM App Connect Enterprise12.0.1.0 - 12.0.12.26 PH71150The APAR (PH71150) is available fromIBM App Connect Enterprise v12- Fix Pack Release 12.0.12.27IBM Integration Bus for z/OS10.1.0.0 - 10.1.0.7PH71150Interim Fix for APAR (PH71150) is available to apply to 10.1.0.7 from IBM Fix Central","supportingMedia":[{"type":"text/html","base64":false,"value":"<p><strong>IBM strongly recommends addressing the vulnerability/vulnerabilities now by applying the appropriate fix to IBM App Connect Enterprise and IBM Integration Bus for z/OS </strong></p><div><table><colgroup><col/><col/><col/><col/></colgroup><tbody><tr><td>Affected Product(s)</td><td>Version(s)</td><td>APAR</td><td>Remediation / Fixes</td></tr><tr><td>IBM App Connect Enterprise</td><td>13.0.1.0 - 13.0.7.2</td><td>PH71150</td><td><p>The APAR (PH71150) is available from</p><p><a href=\"https://www.ibm.com/support/pages/download-ibm-app-connect-enterprise-13080\" rel=\"noopener noreferrer nofollow\">IBM App Connect Enterprise v13- Fix Pack Release 13.0.8.0</a></p></td></tr><tr><td>IBM App Connect Enterprise</td><td>12.0.1.0 - 12.0.12.26 </td><td>PH71150</td><td><p>The APAR (PH71150) is available from</p><p><a href=\"https://www.ibm.com/support/pages/download-ibm-app-connect-enterprise-1201227-fix-pack\" rel=\"noopener noreferrer nofollow\">IBM App Connect Enterprise v12- Fix Pack Release 12.0.12.27</a></p></td></tr><tr><td>IBM Integration Bus for z/OS</td><td>10.1.0.0 - 10.1.0.7</td><td>PH71150</td><td><p>Interim Fix for APAR (PH71150) is available to apply to 10.1.0.7 from </p><p><a href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&amp;product=ibm/WebSphere/Integration+Bus&amp;release=10.1.0.7&amp;platform=All&amp;function=aparId&amp;apars=PH71150\" rel=\"nofollow\">IBM Fix Central</a></p></td></tr></tbody></table></div>"}]}],"x_generator":{"engine":"ibm-cvegen"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-06-30T19:30:51.792018Z","id":"CVE-2026-3602","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-06-30T19:31:02.140Z"}}]}}