9.8

CVE-2026-3660

IBM Engineering Lifecycle Management - Jazz Foundation is vulnerable to Authentication Bypass

IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an unauthenticated remote attacker to update server property files that would allow them to gain unauthorized access to the application.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmEngineering Lifecycle Management Version7.0.3 Update-
IbmEngineering Lifecycle Management Version7.0.3 Updateifix002
IbmEngineering Lifecycle Management Version7.0.3 Updateifix003
IbmEngineering Lifecycle Management Version7.0.3 Updateifix004
IbmEngineering Lifecycle Management Version7.0.3 Updateifix005
IbmEngineering Lifecycle Management Version7.0.3 Updateifix006
IbmEngineering Lifecycle Management Version7.0.3 Updateifix007
IbmEngineering Lifecycle Management Version7.0.3 Updateifix008
IbmEngineering Lifecycle Management Version7.0.3 Updateifix009
IbmEngineering Lifecycle Management Version7.0.3 Updateifix010
IbmEngineering Lifecycle Management Version7.0.3 Updateifix011
IbmEngineering Lifecycle Management Version7.0.3 Updateifix012
IbmEngineering Lifecycle Management Version7.0.3 Updateifix013
IbmEngineering Lifecycle Management Version7.0.3 Updateifix014
IbmEngineering Lifecycle Management Version7.0.3 Updateifix015
IbmEngineering Lifecycle Management Version7.0.3 Updateifix016
IbmEngineering Lifecycle Management Version7.0.3 Updateifix017
IbmEngineering Lifecycle Management Version7.0.3 Updateifix018
IbmEngineering Lifecycle Management Version7.0.3 Updateifix019
IbmEngineering Lifecycle Management Version7.0.3 Updateifix020
IbmEngineering Lifecycle Management Version7.0.3 Updateifix021
IbmEngineering Lifecycle Management Version7.1.0 Update-
IbmEngineering Lifecycle Management Version7.1.0 Updateifix001
IbmEngineering Lifecycle Management Version7.1.0 Updateifix002
IbmEngineering Lifecycle Management Version7.1.0 Updateifix003
IbmEngineering Lifecycle Management Version7.1.0 Updateifix004
IbmEngineering Lifecycle Management Version7.1.0 Updateifix005
IbmEngineering Lifecycle Management Version7.1.0 Updateifix006
IbmEngineering Lifecycle Management Version7.1.0 Updateifix007
IbmEngineering Lifecycle Management Version7.1.0 Updateifix008
IbmEngineering Lifecycle Management Version7.1.0 Updateifix009
IbmEngineering Lifecycle Management Version7.2.0 Update-
IbmEngineering Lifecycle Management Version7.2.0 Updateifix001
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.58% 0.431
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
psirt@us.ibm.com 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://www.ibm.com/support/pages/node/7274079
Vendor Advisory