CVE-2026-3602 in App Connect Enterprise

Summary

by MITRE • 06/30/2026

IBM App Connect Enterprise 13.0.1.0 through 13.0.7.2 and 12.0.1.0 through 12.0.12.26, and IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.7, are vulnerable to SQL injection. A remote attacker could socially engineer a user into accidentally creating files they may not be aware of.


Analysis

by VulDB Data Team • 07/01/2026

IBM App Connect Enterprise and IBM Integration Bus for z/OS, in the version ranges listed above, contain a critical SQL injection vulnerability that lets a remote attacker execute arbitrary database commands through crafted input parameters. The flaw stems from inadequate input validation and sanitization in the application's database interaction components: user-supplied input is incorporated directly into SQL statements without parameterization or escaping, so an attacker can alter the structure of the queries the application runs.

The risk is compounded by the social engineering aspect: an attacker can trick a user into creating malicious files or triggering harmful operations through carefully crafted payloads. This human factor widens the attack surface, because it exploits the trust relationship between users and the system rather than relying purely on technical exploitation. The vulnerability affects multiple versions of both product lines, which points to a systemic issue in the software architecture rather than an isolated defect, and it touches a substantial part of IBM's integration platform ecosystem.

Operationally, successful exploitation could result in unauthorized data access, data modification, or complete database compromise, depending on the attacker's privileges and the underlying database configuration. The impact goes beyond information disclosure: an attacker may be able to escalate privileges, extract sensitive business data, modify critical integration flows, or disrupt service availability through database corruption or resource exhaustion. Organizations running these platforms therefore face a significant risk of regulatory compliance violations and financial loss from a data breach.

The vulnerability maps to CWE-89, which covers SQL injection flaws in software applications, and to ATT&CK technique T1071.004 for application layer protocol manipulation. Mitigation should start with immediate patching of the affected versions, followed by proper input validation and parameterized queries, network segmentation to limit access to the integration components, and user awareness training against the social engineering component. Organizations should also consider database activity monitoring to detect anomalous SQL execution patterns, and should have incident response procedures in place for rapid containment of a potential breach.
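Patching "the affected versions" starts with knowing which installed instances fall inside the ranges quoted in the summary. The following triage helper is an added example, not VulDB's or IBM's code; it encodes the three ranges from the summary above (inclusive, as "through" implies), compares versions numerically rather than as strings, and runs over a constructed inventory. The product labels are assumed identifiers for this example, and the ranges should be confirmed against IBM's own advisory before acting on the result.

```python
from typing import List, Tuple

# (product, first affected, last affected), copied from the summary text.
# Product names are labels assumed for this example, not IBM's identifiers.
AFFECTED_RANGES = [
    ("IBM App Connect Enterprise", "13.0.1.0", "13.0.7.2"),
    ("IBM App Connect Enterprise", "12.0.1.0", "12.0.12.26"),
    ("IBM Integration Bus for z/OS", "10.1.0.0", "10.1.0.7"),
]


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn a dotted version such as '12.0.12.26' into a comparable int tuple.

    Numeric comparison matters: as strings, '12.0.12.26' sorts below
    '12.0.7.2' because '1' < '7', which would misclassify fixed builds.
    """
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a numeric dotted version: {version!r}")
    nums = tuple(int(p) for p in parts)
    # Pad to four components so '13.0.7' and '13.0.7.0' compare equal.
    return nums + (0,) * (4 - len(nums))


def is_affected(product: str, version: str) -> bool:
    """True if (product, version) lies inside one of the quoted ranges."""
    v = parse_version(version)
    return any(
        name == product and parse_version(low) <= v <= parse_version(high)
        for name, low, high in AFFECTED_RANGES
    )


def triage(inventory: List[Tuple[str, str, str]]) -> List[str]:
    """Return the hosts from (host, product, version) rows that need the fix."""
    return [host for host, product, version in inventory
            if is_affected(product, version)]


if __name__ == "__main__":
    # Constructed sample inventory; host names are not real systems.
    sample = [
        ("ace-prod-01", "IBM App Connect Enterprise", "13.0.7.2"),   # last affected build
        ("ace-prod-02", "IBM App Connect Enterprise", "13.0.8.0"),   # above the range
        ("ace-dev-01", "IBM App Connect Enterprise", "12.0.12.26"),  # last affected build
        ("iib-zos-01", "IBM Integration Bus for z/OS", "10.1.0.8"),  # above the range
    ]
    print(triage(sample))  # ['ace-prod-01', 'ace-dev-01']
```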

Responsible

IBM

Reservation

03/05/2026

Disclosure

06/30/2026

Moderation

accepted

CPE

ready

EPSS

0.00161

KEV

no

Activities

very low
