CVE-2026-4051

HIGH

IBM Engineering Lifecycle Management - Jazz Foundation is vulnerable to Server Post-Auth Remote Code Execution

Title source: cna

Description

IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an attacker with administrative privileges to execute remote code due to an exposed method that is not properly restricted.

References (1)

Core References
Vendor Advisory vendor-advisory patch
https://www.ibm.com/support/pages/node/7274077

Scores

CVSS v3 7.2
EPSS 0.0037
EPSS Percentile 28.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-749
Status published
Products (6)
IBM/Engineering Lifecycle Management 7.0.3 - Interim Fix 021
IBM/Engineering Lifecycle Management 7.1.0 - Interim Fix 009
IBM/Engineering Lifecycle Management 7.2.0 - Interim Fix 001
ibm/engineering_lifecycle_management 7.0.3 (21 CPE variants)
ibm/engineering_lifecycle_management 7.1.0 (10 CPE variants)
ibm/engineering_lifecycle_management 7.2.0 (2 CPE variants)
Published May 26, 2026
Tracked Since May 27, 2026