
IBM App Connect Enterprise Multiple Vulnerabilities

Source: CERT-Bund Security Advisories (wid.cert-bund.de)
Published March 17th, 2026
Detected March 18th, 2026

Summary

CERT-Bund has issued a security advisory for IBM App Connect Enterprise, detailing multiple critical vulnerabilities with a CVSS score of 9.3. These vulnerabilities could allow remote attackers to cause denial-of-service or enable cross-site scripting attacks.

What changed

CERT-Bund has released a security advisory (WID-SEC-2026-0772) concerning critical vulnerabilities in IBM App Connect Enterprise versions prior to 13.0.6.2 and 12.0.12.24. The vulnerabilities, rated with a CVSS Base Score of 9.3, can be exploited by remote attackers to achieve denial-of-service or bypass security measures, potentially leading to cross-site scripting (XSS) attacks. The advisory indicates that mitigation is available.

Organizations utilizing affected versions of IBM App Connect Enterprise should prioritize applying the available patches or updates to address these critical security flaws. Failure to do so could expose systems to significant risks, including unauthorized access and disruption of services. While a specific compliance deadline is not stated, immediate action is recommended to prevent exploitation.

What to do next

  1. Apply security patches or updates for IBM App Connect Enterprise to versions 13.0.6.2 or 12.0.12.24 or later.
  2. Review system logs for any signs of attempted exploitation.
  3. Assess the impact of potential denial-of-service or XSS attacks on business operations.

Source document (simplified)

[WID-SEC-2026-0772] IBM App Connect Enterprise (fast-xml-parser): Multiple vulnerabilities

  • CVSS Base Score: 9.3 (critical)
  • CVSS Temporal Score: 8.1 (high)
  • Remote attack: yes
  • Date: 17.03.2026
  • Last updated: 18.03.2026
  • Mitigation: yes

Affected systems

Operating system

  • Other
  • UNIX
  • Windows

Product description

IBM App Connect Enterprise combines the industry-proven technologies of IBM Integration Bus with cloud-native technologies.

Products

17.03.2026

  • IBM App Connect Enterprise <13.0.6.2
  • IBM App Connect Enterprise <12.0.12.24

Attack

A remote, anonymous attacker can exploit multiple vulnerabilities in IBM App Connect Enterprise to cause a denial-of-service condition or to bypass security measures, which enables cross-site scripting attacks.

Source

Analysis generated by AI. Source diff and links are from the original.

Classification

  • Agency: CERT-Bund
  • Published: March 17th, 2026
  • Instrument: Notice
  • Legal weight: Non-binding
  • Stage: Final
  • Change scope: Substantive

Who this affects

  • Applies to: Manufacturers, Technology companies
  • Geographic scope: de

Taxonomy

  • Primary area: Cybersecurity
  • Operational domain: IT Security
  • Topics: Software Vulnerabilities, Denial-of-Service, Cross-Site Scripting
