Lucene search
K

1143 matches found

Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.7 views

IBM App Connect Enterprise 12.0.1.x < 12.0.12.27 / 13.0.1.x < 13.0.8.0 SQL Injection (7278350)

IBM App Connect Enterprise 13.0.1.0 through 13.0.7.2, and 12.0.1.0 through 12.0.12.26 is vulnerable to SQL injection. A remote attacker could socially engineer a user into accidentally creating files they may not be aware of. Note that Nessus has not tested for this issue but has instead relied...

5.5CVSS6AI score0.00183EPSS
Exploits0References2
NVD
NVD
added 2026/06/30 8:17 p.m.6 views

CVE-2026-3602

IBM App Connect Enterprise 13.0.1.0 through 13.0.7.2, and 12.0.1.0 through 12.0.12.26 and IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.7 is vulnerable to SQL injection. A remote attacker could socially engineer a user into accidentally creating files they may not be aware of...

5.5CVSS0.00183EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/30 7:19 p.m.5 views

EUVD-2026-40385

IBM App Connect Enterprise 13.0.1.0 through 13.0.7.2, and 12.0.1.0 through 12.0.12.26 and IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.7 is vulnerable to SQL injection. A remote attacker could socially engineer a user into accidentally creating files they may not be aware of...

4.7CVSS5.9AI score0.00183EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/30 7:19 p.m.33 views

CVE-2026-3602 IBM App Connect Enterprise and IBM Integration Bus for z/OS toolkit is vulnerable to an sql injection

IBM App Connect Enterprise 13.0.1.0 through 13.0.7.2, and 12.0.1.0 through 12.0.12.26 and IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.7 is vulnerable to SQL injection. A remote attacker could socially engineer a user into accidentally creating files they may not be aware of...

4.7CVSS0.00183EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 7:19 p.m.19 views

CVE-2026-3602

IBM App Connect Enterprise and IBM Integration Bus for z/OS toolkit are vulnerable to SQL injection (CWE-73). Affected: IBM App Connect Enterprise versions 13.0.1.0–13.0.7.2 and 12.0.1.0–12.0.12.26; IBM Integration Bus for z/OS 10.1.0.0–10.1.0.7. Root cause: external control of file name or path ...

5.5CVSS5.9AI score0.00183EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.8 views

PT-2026-53945

Name of the Vulnerable Software and Affected Versions IBM App Connect Enterprise versions 13.0.1.0 through 13.0.7.2 IBM App Connect Enterprise versions 12.0.1.0 through 12.0.12.26 IBM Integration Bus for z/OS versions 10.1.0.0 through 10.1.0.7 Description SQL injection allows a remote attacker to...

5.5CVSS6AI score0.00183EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/29 2:36 p.m.5 views

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to Out-of-bounds Write due to OpenSSL (CVE-2025-15467)

Summary IBM App Connect Enterprise and IBM Integration Bus for z/OS Database node users are vulnerable to Out-of-bounds Write due to OpenSSL. Vulnerability Details CVEID:CVE-2025-15467 DESCRIPTION: Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD...

9.8CVSS7.9AI score0.47621EPSS
Exploits7Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/29 11:20 a.m.5 views

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS toolkit is vulnerable to an sql injection (CVE-2026-3602)

Summary IBM App Connect Enterprise and IBM Integration Bus for z/OS toolkit is vulnerable to an sql injection. Vulnerability Details CVEID:CVE-2026-3602 DESCRIPTION: IBM App Connect Enterprise is vulnerable to SQL injection. A remote attacker could socially engineer a user into accidentally...

5.5CVSS5.9AI score0.00183EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/29 8:48 a.m.4 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to Bouncy Castle (CVE-2026-0636,CVE-2026-5598,CVE-2026-5588&CVE-2026-3505)

Summary IBM App Connect Enterprise Toolkit and Runtime are vulnerable to multiple vulnerabilities due to Bouncy Castle. Vulnerability Details CVEID:CVE-2026-0636 DESCRIPTION: Improper neutralization of special elements used in an LDAP query 'LDAP injection' vulnerability in Legion of the Bouncy...

9.9CVSS5.8AI score0.00758EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/16 10:55 a.m.8 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to Node.js modules fast-uri and protobufjs (CVE-2026-6322, CVE-2026-45740 & CVE-2026-6321)

Summary IBM App Connect Enterprise runtime and IBM App Connect Enterprise Discovery Connectors are vulnerable to multiple vulnerabilities due to Node.js modules fast-uri and protobufjs. Vulnerability Details CVEID:CVE-2026-6322 DESCRIPTION: fast-uri normalize decoded percent-encoded authority...

7.5CVSS5.3AI score0.00521EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/16 10:39 a.m.9 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to Node.js module path-to-regexp

Summary IBM App Connect Enterprise runtime and IBM App Connect Enterprise Discovery Connectors are vulnerable to multiple vulnerabilities due to Node.js module path-to-regexp. Vulnerability Details CVEID:CVE-2026-4867 DESCRIPTION: Impact: A bad regular expression is generated any time you have...

7.5CVSS5.5AI score0.00791EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/11 4:26 p.m.8 views

Security Bulletin: IBM App Connect for Manufacturing is vulnerable to CRLF Injection due to Netty ( CVE-2026-41417 )

Summary IBM App Connect for Manufacturing is vulnerable to CRLF Injection due to Netty. Vulnerability Details CVEID:CVE-2026-41417 DESCRIPTION: Netty allows request-line validation to be bypassed when a DefaultHttpRequest or DefaultFullHttpRequest is created first and its URI is later changed via...

5.3CVSS6.8AI score0.00307EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/11 4:10 p.m.6 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to Incorrect Authorization and Middleware Bypass due to Node.js module @hono/node-server ( CVE-2026-29087 & CVE-2026-39406 )

Summary IBM App Connect Enterprise runtime is vulnerable to Incorrect Authorization and Middleware Bypass due to Node.js module @hono/node-server. Vulnerability Details CVEID:CVE-2026-29087 DESCRIPTION: @hono/node-server allows running the Hono application on Node.js. Prior to version 1.19.10, wh...

7.5CVSS5.3AI score0.00376EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/09 8:37 a.m.9 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to xmldom (CVE-2026-41672, CVE-2026-41673, CVE-2026-41674 & CVE-2026-41675)

Summary IBM App Connect Enterprise Connector Discovery and OpenAPI Editor, IBM App Connect Enterprise Discovery Connectors and IBM App Connect Enterprise runtime are vulnerable to multiple vulnerabilities due to xmldom. Vulnerability Details CVEID:CVE-2026-41672 DESCRIPTION: xmldom is a pure...

8.7CVSS5.6AI score0.00643EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/09 8:17 a.m.15 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to Uncontrolled Recursion due to Node.js module yaml (CVE-2026-33532)

Summary IBM App Connect Enterprise Connector Discovery and OpenAPI Editor, IBM App Connect Enterprise Discovery Connectors and IBM App Connect Enterprise runtime are vulnerable to Uncontrolled Recursion due to Node.js module yaml. Vulnerability Details CVEID:CVE-2026-33532 DESCRIPTION: yaml is a...

4.3CVSS5.8AI score0.0047EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/09 8:4 a.m.10 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to FTP command injection and denial of service due to Node.js module basic-ftp ( CVE-2026-39983 & CVE-2026-41324 )

Summary IBM App Connect Enterprise Connector Discovery and OpenAPI Editor, IBM App Connect Enterprise Discovery Connectors and IBM App Connect Enterprise runtime are vulnerable to FTP command injection and denial of service due to Node.js module basic-ftp. Vulnerability Details CVEID:CVE-2026-399...

8.6CVSS5.6AI score0.02185EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/08 11:43 a.m.12 views

Security Bulletin: IBM App Connect for Healthcare is vulnerable to multiple vulnerabilities due to Apache Log4j and Apache Neethi

Summary IBM App Connect for Healthcare is vulnerable to multiple vulnerabilities due to Apache Log4j and Apache Neethi. Vulnerability Details CVEID:CVE-2026-42402 DESCRIPTION: Apache Neethi is vulnerable to a Denial of Service attack through algorithmic complexity in policy normalization. Special...

7.5CVSS5.5AI score0.0086EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/04 3:5 p.m.9 views

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationRuntime and IntegrationServer operands that use Kafka are vulnerable to loss of confidentiality (CVE-2025-27817, CVE-2025-27818)

Summary Apache Kafka Client is used by IBM App Connect Enterprise Certified Container when running flows that connect to a Kafka server. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that use Kafka Client are vulnerable to loss of confidentiality...

8.8CVSS6.7AI score0.62368EPSS
Exploits2Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/02 10:2 p.m.15 views

CVE-2026-5515

IBM App Connect Enterprise 13.0.1.0 through 13.0.7.0 stores potentially sensitive information in log files that could be read by a local user...

5.5CVSS5.8AI score0.001EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/01 9:28 a.m.12 views

Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates

Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 12.0.24 and 13.2.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities...

9.8CVSS6.2AI score0.00882EPSS
Exploits0Affected Software1
Rows per page
Query Builder