IBM Engineering Lifecycle Management – Jazz Foundation is vulnerable to...

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

IBM Engineering Lifecycle Management 7.0.3 ( through ) Interim Fix 021, 7.1.0 ( through ) Interim Fix 009, and 7.2.0 ( through ) Interim Fix 001 could allow an unauthenticated remote attacker to update server property files that would allow them to gain unauthorized access to the application.

AI Analysis

Unauthenticated remote attacker can update server property files to gain unauthorized access

Basic Information

ID CVE-2026-3660

Source ibm

Published May 26, 2026 at 18:23

Modified May 26, 2026 at 19:21

Affected Product

Vendor IBM

Product Engineering Lifecycle Management

Version 7.0.3

Affected Versions IBM Engineering Lifecycle Management 7.0.3
IBM Engineering Lifecycle Management 7.1.0
IBM Engineering Lifecycle Management 7.2.0

CWE Classification

CWE-863

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor IBM

Product Engineering Lifecycle Management

Version 7.0.3, 7.1.0, 7.2.0

References

www.ibm.com /support/pages/node/7274079

{
    "lastseen": "",
    "description": "IBM Engineering Lifecycle Management 7.0.3 ( through ) Interim Fix 021, 7.1.0 ( through ) Interim Fix 009, and 7.2.0 ( through ) Interim Fix 001 could allow an unauthenticated remote attacker to update server property files that would allow them to gain unauthorized access to the application.",
    "published": "2026-05-26T18:23:30.529Z",
    "modified": "2026-05-26T19:21:38.651Z",
    "type": "cve",
    "title": "IBM Engineering Lifecycle Management - Jazz Foundation is vulnerable to Authentication Bypass",
    "source": "ibm",
    "references": "https://www.ibm.com/support/pages/node/7274079",
    "id": "CVE-2026-3660",
    "bulletinFamily": "",
    "cwe": [
        "CWE-863"
    ],
    "cvelist": null,
    "sourceData": "IBM Engineering Lifecycle Management 7.0.3\nIBM Engineering Lifecycle Management 7.1.0\nIBM Engineering Lifecycle Management 7.2.0",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Engineering Lifecycle Management",
    "version": "7.0.3",
    "vendor": "IBM",
    "ai_description": "Unauthenticated remote attacker can update server property files to gain unauthorized access",
    "ai_severity": "Critical",
    "ai_vendor": "IBM",
    "ai_product": "Engineering Lifecycle Management",
    "ai_version": "7.0.3, 7.1.0, 7.2.0",
    "ai_score": 9.8
}

IBM Engineering Lifecycle Management – Jazz Foundation is vulnerable to Authentication Bypass_CVE-2026-3660