IBM App Connect Enterprise Critical Vulnerabilities CVSS 9.8
Summary
CERT-Bund issued security advisory WID-SEC-2026-0933 disclosing multiple critical vulnerabilities in IBM App Connect Enterprise affecting versions prior to 13.0.7.0. The vulnerabilities carry a CVSS Base Score of 9.8 (critical) and CVSS Temporal Score of 8.5 (high), with remote attack capability confirmed. Organizations using this software should apply mitigations immediately.
What changed
CERT-Bund published advisory WID-SEC-2026-0933 warning of multiple critical vulnerabilities in IBM App Connect Enterprise software (versions below 13.0.7.0). The CVSS 9.8 score indicates the highest severity level. Affected platforms include UNIX, Windows, and other operating systems. An attacker can exploit these vulnerabilities to bypass security controls, manipulate data, disclose confidential information, cause denial-of-service conditions, or execute other unspecified attacks.
Organizations running IBM App Connect Enterprise must verify their installed version and upgrade to 13.0.7.0 or later as the primary mitigation. All deployments across UNIX, Windows, and other platforms should be patched immediately given the remote exploit capability and critical severity. Review CVE references for complete vulnerability details and apply vendor-provided security updates.
What to do next
- Identify all deployments of IBM App Connect Enterprise in your environment
- Upgrade affected installations to version 13.0.7.0 or later immediately
- Review CVE references linked in the advisory for complete vulnerability details and apply any additional vendor mitigations
Archived snapshot
Mar 31, 2026GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.
[WID-SEC-2026-0933] IBM App Connect Enterprise (Hono und Undici): Mehrere Schwachstellen CVSS Base Score 9.8 (kritisch) CVSS Temporal Score 8.5 (hoch) Remoteangriff ja Datum 30.03.2026 Stand 31.03.2026 Mitigation ja
Betroffene Systeme
Betriebssystem
- Sonstiges
- UNIX
- Windows
Produktbeschreibung
IBM App Connect Enterprise kombiniert die branchenbewährten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.
Produkte
30.03.2026
- IBM App Connect Enterprise <13.0.7.0
Angriff
Angriff
Ein Angreifer kann mehrere Schwachstellen in IBM App Connect Enterprise ausnutzen, um Sicherheitsvorkehrungen zu umgehen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen oder andere nicht näher bezeichnete Angriffe durchzuführen. CVE Informationen Versionshistorie Feedback zum Advisory geben
Named provisions
Related changes
Get daily alerts for CERT-Bund Security Advisories
Daily digest delivered to your inbox.
Free. Unsubscribe anytime.
Source
About this page
Every important government, regulator, and court update from around the world. One place. Real-time. Free. Our mission
Source document text, dates, docket IDs, and authority are extracted directly from CERT-Bund.
The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.
Classification
Who this affects
Taxonomy
Browse Categories
Get alerts for this source
We'll email you when CERT-Bund Security Advisories publishes new changes.
Subscribed!
Optional. Filters your digest to exactly the updates that matter to you.