CVE-2026-3660
CRITICALIBM Engineering Lifecycle Management - Jazz Foundation is vulnerable to Authentication Bypass
Title source: cnaDescription
IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an unauthenticated remote attacker to update server property files that would allow them to gain unauthorized access to the application.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
patch
https://www.ibm.com/support/pages/node/7274079
Scores
CVSS v3
9.8
EPSS
0.0053
EPSS Percentile
40.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-863
Status
published
Products (6)
IBM/Engineering Lifecycle Management
7.0.3 - Interim Fix 021
IBM/Engineering Lifecycle Management
7.1.0 - Interim Fix 009
IBM/Engineering Lifecycle Management
7.2.0 - Interim Fix 001
ibm/engineering_lifecycle_management
7.0.3 (21 CPE variants)
ibm/engineering_lifecycle_management
7.1.0 (10 CPE variants)
ibm/engineering_lifecycle_management
7.2.0 (2 CPE variants)
Published
May 26, 2026
Tracked Since
May 27, 2026