7.2

CVE-2026-4051

IBM Engineering Lifecycle Management - Jazz Foundation is vulnerable to Server Post-Auth Remote Code Execution

IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an attacker with administrative privileges to execute remote code due to exposed method that is not properly restricted.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmEngineering Lifecycle Management Version7.0.3 Update-
IbmEngineering Lifecycle Management Version7.0.3 Updateifix002
IbmEngineering Lifecycle Management Version7.0.3 Updateifix003
IbmEngineering Lifecycle Management Version7.0.3 Updateifix004
IbmEngineering Lifecycle Management Version7.0.3 Updateifix005
IbmEngineering Lifecycle Management Version7.0.3 Updateifix006
IbmEngineering Lifecycle Management Version7.0.3 Updateifix007
IbmEngineering Lifecycle Management Version7.0.3 Updateifix008
IbmEngineering Lifecycle Management Version7.0.3 Updateifix009
IbmEngineering Lifecycle Management Version7.0.3 Updateifix010
IbmEngineering Lifecycle Management Version7.0.3 Updateifix011
IbmEngineering Lifecycle Management Version7.0.3 Updateifix012
IbmEngineering Lifecycle Management Version7.0.3 Updateifix013
IbmEngineering Lifecycle Management Version7.0.3 Updateifix014
IbmEngineering Lifecycle Management Version7.0.3 Updateifix015
IbmEngineering Lifecycle Management Version7.0.3 Updateifix016
IbmEngineering Lifecycle Management Version7.0.3 Updateifix017
IbmEngineering Lifecycle Management Version7.0.3 Updateifix018
IbmEngineering Lifecycle Management Version7.0.3 Updateifix019
IbmEngineering Lifecycle Management Version7.0.3 Updateifix020
IbmEngineering Lifecycle Management Version7.0.3 Updateifix021
IbmEngineering Lifecycle Management Version7.1.0 Update-
IbmEngineering Lifecycle Management Version7.1.0 Updateifix001
IbmEngineering Lifecycle Management Version7.1.0 Updateifix002
IbmEngineering Lifecycle Management Version7.1.0 Updateifix003
IbmEngineering Lifecycle Management Version7.1.0 Updateifix004
IbmEngineering Lifecycle Management Version7.1.0 Updateifix005
IbmEngineering Lifecycle Management Version7.1.0 Updateifix006
IbmEngineering Lifecycle Management Version7.1.0 Updateifix007
IbmEngineering Lifecycle Management Version7.1.0 Updateifix008
IbmEngineering Lifecycle Management Version7.1.0 Updateifix009
IbmEngineering Lifecycle Management Version7.2.0 Update-
IbmEngineering Lifecycle Management Version7.2.0 Updateifix001
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.37% 0.285
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
psirt@us.ibm.com 7.2 1.2 5.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-749 Exposed Dangerous Method or Function

The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.

https://www.ibm.com/support/pages/node/7274077
Vendor Advisory