7.1

CVE-2026-3603

IBM Engineering Lifecycle Management - Jazz Foundation is vulnerable to XML external entity injection (XXE) attack

IBM Engineering Lifecycle Management 7.0.3 Interim Fix 001 through  Interim Fix 021, 7.1.0  Interim Fix 001 through  Interim Fix 009, and 7.2.0 and 7.2.0 Interim Fix 001 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. An authenticated attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmEngineering Lifecycle Management Version7.0.3 Update-
IbmEngineering Lifecycle Management Version7.0.3 Updateifix002
IbmEngineering Lifecycle Management Version7.0.3 Updateifix003
IbmEngineering Lifecycle Management Version7.0.3 Updateifix004
IbmEngineering Lifecycle Management Version7.0.3 Updateifix005
IbmEngineering Lifecycle Management Version7.0.3 Updateifix006
IbmEngineering Lifecycle Management Version7.0.3 Updateifix007
IbmEngineering Lifecycle Management Version7.0.3 Updateifix008
IbmEngineering Lifecycle Management Version7.0.3 Updateifix009
IbmEngineering Lifecycle Management Version7.0.3 Updateifix010
IbmEngineering Lifecycle Management Version7.0.3 Updateifix011
IbmEngineering Lifecycle Management Version7.0.3 Updateifix012
IbmEngineering Lifecycle Management Version7.0.3 Updateifix013
IbmEngineering Lifecycle Management Version7.0.3 Updateifix014
IbmEngineering Lifecycle Management Version7.0.3 Updateifix015
IbmEngineering Lifecycle Management Version7.0.3 Updateifix016
IbmEngineering Lifecycle Management Version7.0.3 Updateifix017
IbmEngineering Lifecycle Management Version7.0.3 Updateifix018
IbmEngineering Lifecycle Management Version7.0.3 Updateifix019
IbmEngineering Lifecycle Management Version7.0.3 Updateifix020
IbmEngineering Lifecycle Management Version7.0.3 Updateifix021
IbmEngineering Lifecycle Management Version7.1.0 Update-
IbmEngineering Lifecycle Management Version7.1.0 Updateifix001
IbmEngineering Lifecycle Management Version7.1.0 Updateifix002
IbmEngineering Lifecycle Management Version7.1.0 Updateifix003
IbmEngineering Lifecycle Management Version7.1.0 Updateifix004
IbmEngineering Lifecycle Management Version7.1.0 Updateifix005
IbmEngineering Lifecycle Management Version7.1.0 Updateifix006
IbmEngineering Lifecycle Management Version7.1.0 Updateifix007
IbmEngineering Lifecycle Management Version7.1.0 Updateifix008
IbmEngineering Lifecycle Management Version7.1.0 Updateifix009
IbmEngineering Lifecycle Management Version7.2.0 Update-
IbmEngineering Lifecycle Management Version7.2.0 Updateifix001
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.35% 0.271
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
psirt@us.ibm.com 7.1 2.8 4.2
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
CWE-611 Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

https://www.ibm.com/support/pages/node/7274078
Patch
Vendor Advisory