IBM App Connect Enterprise Multiple DoS Vulnerabilities
Summary
CERT-Bund issued a security advisory (WID-SEC-2026-0903) disclosing multiple denial-of-service vulnerabilities in IBM App Connect Enterprise with a CVSS Base Score of 7.5 (high) and Temporal Score of 6.5 (medium). Affected versions are those prior to 12.0.12.24 and 13.0.7.0. Remote, unauthenticated attackers can exploit these vulnerabilities to conduct DoS attacks against affected installations.
What changed
CERT-Bund published advisory WID-SEC-2026-0903 identifying multiple DoS vulnerabilities in IBM App Connect Enterprise, versions prior to 12.0.12.24 and 13.0.7.0. The vulnerabilities carry a CVSS Base Score of 7.5 (high) and a Temporal Score of 6.5 (medium). A remote, anonymous attacker can exploit the flaws to cause denial-of-service conditions without authentication.
Organizations running IBM App Connect Enterprise must immediately identify whether their installations are affected and apply the vendor-provided patches (upgrade to version 12.0.12.24 or 13.0.7.0) or implement the recommended mitigations. Failure to address these vulnerabilities could expose integration and middleware infrastructure to service disruptions.
What to do next
- Identify any IBM App Connect Enterprise installations within your infrastructure
- Check installed versions against the affected thresholds (prior to 12.0.12.24 or 13.0.7.0)
- Apply vendor patches to upgrade to a secure version or implement compensating mitigations
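The version check in the steps above, as an added example (not code from CERT-Bund or IBM). It compares versions numerically, because a plain string comparison would rank 12.0.9.0 above 12.0.12.24. The inventory format, host names and sample versions are constructed, and sending release lines other than 12 and 13 to manual review is an assumption, since the advisory gives thresholds only for those two.

```python
import re

# Fixed releases named in the advisory, keyed by major release line.
FIXED = {12: (12, 0, 12, 24), 13: (13, 0, 7, 0)}
VERSION_RE = re.compile(r"^\d+(?:\.\d+){3}$")

def parse_version(text):
    """Return a 4-tuple of ints for a V.R.M.F string, or None if malformed."""
    text = text.strip()
    if not VERSION_RE.match(text):
        return None
    return tuple(int(part) for part in text.split("."))

def classify(version_text):
    """Classify one version string as 'affected', 'fixed' or 'review'."""
    version = parse_version(version_text)
    if version is None:
        return "review"  # unparseable value: needs a human
    fixed = FIXED.get(version[0])
    if fixed is None:
        return "review"  # assumption: release line has no threshold in the advisory
    return "affected" if version < fixed else "fixed"

def triage(inventory_lines):
    """Map 'host version' lines to {status: [hosts]}; skips blanks and # comments."""
    result = {"affected": [], "fixed": [], "review": []}
    for line in inventory_lines:
        parts = line.split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        version = parts[1] if len(parts) > 1 else ""
        result[classify(version)].append(parts[0])
    return result

# Constructed sample inventory (hypothetical host names and versions).
SAMPLE = """\
# host version
ace-prod-01 12.0.12.23
ace-prod-02 12.0.12.24
ace-test-01 13.0.6.1
ace-test-02 13.0.7.0
ace-legacy-01 11.0.0.26
ace-dev-01 unknown
""".splitlines()

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```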
Source document (simplified)
[WID-SEC-2026-0903] IBM App Connect Enterprise: Multiple vulnerabilities allow denial of service
- CVSS Base Score: 7.5 (high)
- CVSS Temporal Score: 6.5 (medium)
- Remote attack: yes
- Date: 29.03.2026
- Last updated: 30.03.2026
- Mitigation: yes
Affected systems
Operating system
- Linux
- UNIX
- Windows
Product description
IBM App Connect Enterprise combines the industry-proven technologies of IBM Integration Bus with cloud-native technologies.
Products
29.03.2026
- IBM App Connect Enterprise <12.0.12.24
- IBM App Connect Enterprise <13.0.7.0
Attack
A remote, anonymous attacker can exploit multiple vulnerabilities in IBM App Connect Enterprise to carry out a denial-of-service attack.