Skip to main content

Integration Bus For Z Os

1 CVEs product

Monthly

CVE-2026-3602 MEDIUM PATCH This Month

File path control vulnerability (CWE-73) in IBM App Connect Enterprise and IBM Integration Bus for z/OS enables a remote attacker to socially engineer a victim into triggering unauthorized file creation on the local system. Despite being tagged and described as SQL injection, the governing weakness classification is CWE-73 (External Control of File Name or Path), and the described impact - unexpected local file creation - aligns with that CWE rather than database injection. Affected versions span IBM ACE 12.x and 13.x across wide release ranges, as well as IBM Integration Bus for z/OS 10.1.x. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

IBM SQLi App Connect Enterprise Integration Bus For Z Os
NVD VulDB
CVSS 3.1
5.5
EPSS
0.2%
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

File path control vulnerability (CWE-73) in IBM App Connect Enterprise and IBM Integration Bus for z/OS enables a remote attacker to socially engineer a victim into triggering unauthorized file creation on the local system. Despite being tagged and described as SQL injection, the governing weakness classification is CWE-73 (External Control of File Name or Path), and the described impact - unexpected local file creation - aligns with that CWE rather than database injection. Affected versions span IBM ACE 12.x and 13.x across wide release ranges, as well as IBM Integration Bus for z/OS 10.1.x. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

IBM SQLi App Connect Enterprise +1
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy