Integration Bus For Z Os
Monthly
File path control vulnerability (CWE-73) in IBM App Connect Enterprise and IBM Integration Bus for z/OS enables a remote attacker to socially engineer a victim into triggering unauthorized file creation on the local system. Despite being tagged and described as SQL injection, the governing weakness classification is CWE-73 (External Control of File Name or Path), and the described impact - unexpected local file creation - aligns with that CWE rather than database injection. Affected versions span IBM ACE 12.x and 13.x across wide release ranges, as well as IBM Integration Bus for z/OS 10.1.x. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.
File path control vulnerability (CWE-73) in IBM App Connect Enterprise and IBM Integration Bus for z/OS enables a remote attacker to socially engineer a victim into triggering unauthorized file creation on the local system. Despite being tagged and described as SQL injection, the governing weakness classification is CWE-73 (External Control of File Name or Path), and the described impact - unexpected local file creation - aligns with that CWE rather than database injection. Affected versions span IBM ACE 12.x and 13.x across wide release ranges, as well as IBM Integration Bus for z/OS 10.1.x. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.