7.1
CVE-2026-3603
- EPSS 0.35%
- Veröffentlicht 26.05.2026 18:17:03
- Zuletzt bearbeitet 02.06.2026 18:44:12
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
IBM Engineering Lifecycle Management - Jazz Foundation is vulnerable to XML external entity injection (XXE) attack
IBM Engineering Lifecycle Management 7.0.3 Interim Fix 001 through Interim Fix 021, 7.1.0 Interim Fix 001 through Interim Fix 009, and 7.2.0 and 7.2.0 Interim Fix 001 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. An authenticated attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Engineering Lifecycle Management Version7.0.3 Update-
Ibm ≫ Engineering Lifecycle Management Version7.0.3 Updateifix002
Ibm ≫ Engineering Lifecycle Management Version7.0.3 Updateifix003
Ibm ≫ Engineering Lifecycle Management Version7.0.3 Updateifix004
Ibm ≫ Engineering Lifecycle Management Version7.0.3 Updateifix005
Ibm ≫ Engineering Lifecycle Management Version7.0.3 Updateifix006
Ibm ≫ Engineering Lifecycle Management Version7.0.3 Updateifix007
Ibm ≫ Engineering Lifecycle Management Version7.0.3 Updateifix008
Ibm ≫ Engineering Lifecycle Management Version7.0.3 Updateifix009
Ibm ≫ Engineering Lifecycle Management Version7.0.3 Updateifix010
Ibm ≫ Engineering Lifecycle Management Version7.0.3 Updateifix011
Ibm ≫ Engineering Lifecycle Management Version7.0.3 Updateifix012
Ibm ≫ Engineering Lifecycle Management Version7.0.3 Updateifix013
Ibm ≫ Engineering Lifecycle Management Version7.0.3 Updateifix014
Ibm ≫ Engineering Lifecycle Management Version7.0.3 Updateifix015
Ibm ≫ Engineering Lifecycle Management Version7.0.3 Updateifix016
Ibm ≫ Engineering Lifecycle Management Version7.0.3 Updateifix017
Ibm ≫ Engineering Lifecycle Management Version7.0.3 Updateifix018
Ibm ≫ Engineering Lifecycle Management Version7.0.3 Updateifix019
Ibm ≫ Engineering Lifecycle Management Version7.0.3 Updateifix020
Ibm ≫ Engineering Lifecycle Management Version7.0.3 Updateifix021
Ibm ≫ Engineering Lifecycle Management Version7.1.0 Update-
Ibm ≫ Engineering Lifecycle Management Version7.1.0 Updateifix001
Ibm ≫ Engineering Lifecycle Management Version7.1.0 Updateifix002
Ibm ≫ Engineering Lifecycle Management Version7.1.0 Updateifix003
Ibm ≫ Engineering Lifecycle Management Version7.1.0 Updateifix004
Ibm ≫ Engineering Lifecycle Management Version7.1.0 Updateifix005
Ibm ≫ Engineering Lifecycle Management Version7.1.0 Updateifix006
Ibm ≫ Engineering Lifecycle Management Version7.1.0 Updateifix007
Ibm ≫ Engineering Lifecycle Management Version7.1.0 Updateifix008
Ibm ≫ Engineering Lifecycle Management Version7.1.0 Updateifix009
Ibm ≫ Engineering Lifecycle Management Version7.2.0 Update-
Ibm ≫ Engineering Lifecycle Management Version7.2.0 Updateifix001
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.35% | 0.271 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@us.ibm.com | 7.1 | 2.8 | 4.2 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
|
CWE-611 Improper Restriction of XML External Entity Reference
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
https://www.ibm.com/support/pages/node/7274078