Changeflow GovPing Data Privacy & Cybersecurity IBM App Connect Enterprise Critical Vulnerabili...
Urgent Notice Added Final

IBM App Connect Enterprise Critical Vulnerabilities, CVSS 9.1

Favicon for wid.cert-bund.de CERT-Bund Security Advisories
Published
Detected
Email

Summary

CERT-Bund published a critical security advisory (WID-SEC-2026-1007) warning of multiple severe vulnerabilities in IBM App Connect Enterprise with a CVSS Base Score of 9.1. The vulnerabilities allow remote attackers to bypass security controls, execute arbitrary code, perform SQL injection and XSS attacks, conduct denial of service, and disclose sensitive information. Organizations running affected versions on Linux, UNIX, Windows, or other platforms must apply mitigations immediately.

View original document View source feed page

What changed

CERT-Bund disclosed multiple critical vulnerabilities (CVSS 9.1) in IBM App Connect Enterprise affecting all major operating systems including Linux, UNIX, and Windows. Attackers can exploit these flaws to bypass security controls, execute arbitrary code, perform SQL injection, execute cross-site scripting, conduct denial of service attacks, manipulate files, and disclose sensitive information. All organizations running IBM App Connect Enterprise must apply vendor-provided patches or mitigations immediately. Failure to address these vulnerabilities exposes systems to remote compromise, data breaches, and operational disruption.

What to do next

  1. Patch IBM App Connect Enterprise to latest secure version immediately
  2. Implement mitigations per IBM security bulletin until patch is applied
  3. Monitor for new CVE disclosures and apply patches without delay

Archived snapshot

Apr 9, 2026

GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.

[WID-SEC-2026-1007] IBM App Connect Enterprise: Mehrere Schwachstellen CVSS Base Score 9.1 (kritisch) CVSS Temporal Score 7.9 (hoch) Remoteangriff ja Datum 07.04.2026 Stand 08.04.2026 Mitigation ja

Betroffene Systeme

Betriebssystem

  • Linux
  • Sonstiges
  • UNIX
  • Windows

Produktbeschreibung

IBM App Connect Enterprise kombiniert die branchenbewährten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.

Produkte

07.04.2026
- IBM App Connect Enterprise

Angriff

Angriff

Ein Angreifer kann mehrere Schwachstellen in IBM App Connect Enterprise ausnutzen, um Sicherheitsvorkehrungen zu umgehen, um einen Denial of Service Angriff durchzuführen, um Informationen offenzulegen, um Dateien zu manipulieren, um einen Cross-Site Scripting Angriff durchzuführen, um einen SQL-Injection Angriff durchzuführen, und um beliebigen Programmcode auszuführen. CVE Informationen Versionshistorie Feedback zum Advisory geben

Related changes

Favicon for wid.cert-bund.de Samsung Android Multiple Critical Vulnerabilities CVSS 9.8
Urgent Apr 08, 2026 CERT-Bund Security Advisories Data Privacy & Cybersecurity
Favicon for wid.cert-bund.de Red Hat Enterprise Linux crun Privilege Escalation Vulnerability, CVSS 7.8
Priority review Apr 08, 2026 CERT-Bund Security Advisories Data Privacy & Cybersecurity
Favicon for wid.cert-bund.de Dell PowerScale OneFS Multiple Vulnerabilities, CVSS 6.6, Privilege Escalation
Priority review Apr 07, 2026 CERT-Bund Security Advisories Data Privacy & Cybersecurity

Get daily alerts for CERT-Bund Security Advisories

Daily digest delivered to your inbox.

Free. Unsubscribe anytime.

Source

Favicon for wid.cert-bund.de
CERT-Bund Security Advisories wid.cert-bund.de/content/public/securityAdvisory/rss
Data Privacy & Cybersecurity

About this page

What is GovPing?

Every important government, regulator, and court update from around the world. One place. Real-time. Free. Our mission

What's from the agency?

Source document text, dates, docket IDs, and authority are extracted directly from CERT-Bund.

What's AI-generated?

The plain-English summary, classification, and "what to do next" steps are AI-generated from the original text. Cite the source document, not the AI analysis.

Last updated

Press inquiries →

Classification

Agency
CERT-Bund
Published
April 7th, 2026
Instrument
Notice
Legal weight
Non-binding
Stage
Final
Change scope
Substantive
Document ID
WID-SEC-2026-1007

Who this affects

Applies to
Technology companies Manufacturers
Industry sector
5112 Software & Technology
Activity scope
Vulnerability remediation Patch management Security patching
Geographic scope
Germany DE

Taxonomy

Primary area
Cybersecurity
Operational domain
IT Security
Compliance frameworks
NIST CSF
Topics
Data Privacy Information Security Governance

Browse Categories

Agriculture & Food Safety 63 AI Regulation 3 Banking & Finance 292 Consumer Protection 44 Courts & Legal 360 Data Privacy & Cybersecurity 74 Defense & National Security 52 Education 20 Energy 101 Environment 85 Environmental Permits 1 Environmental Regulation 8 Government & Legislation 278 Healthcare 136 Housing 16 Immigration 9 Insurance 58 Labor & Employment 113 Legal 1 Legislative 1 Pharma & Drug Safety 104 Public Health 3 Securities & Markets 104 Securities Regulation 9 Tax 66 Telecom & Technology 47 Trade & Sanctions 124 Transportation 57

Get alerts for this source

We'll email you when CERT-Bund Security Advisories publishes new changes.

Optional. Personalizes your daily digest.

Free. Unsubscribe anytime.