CVE-2025-36033

Published: Feb 3, 2026Modified: Feb 25, 2026

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

IBM Engineering Lifecycle Management - Global Configuration Management 7.0.3 through 7.0.3 Interim Fix 017, and 7.1.0 through 7.1.0 Interim Fix 004 IBM Global Configuration Management is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Affected (23)

Products: Ibm: Engineering Lifecycle Management

Ibm

1 product

Engineering Lifecycle Management

Configuration A

23 vulnerable

Vulnerable Software	Affected Versions
Ibm Engineering Lifecycle Management	Version 7.0.3
Ibm Engineering Lifecycle Management	Version 7.0.3 ifix002
Ibm Engineering Lifecycle Management	Version 7.0.3 ifix003
Ibm Engineering Lifecycle Management	Version 7.0.3 ifix004
Ibm Engineering Lifecycle Management	Version 7.0.3 ifix005
Ibm Engineering Lifecycle Management	Version 7.0.3 ifix006
Ibm Engineering Lifecycle Management	Version 7.0.3 ifix007
Ibm Engineering Lifecycle Management	Version 7.0.3 ifix008
Ibm Engineering Lifecycle Management	Version 7.0.3 ifix009
Ibm Engineering Lifecycle Management	Version 7.0.3 ifix010
Ibm Engineering Lifecycle Management	Version 7.0.3 ifix011
Ibm Engineering Lifecycle Management	Version 7.0.3 ifix012
Ibm Engineering Lifecycle Management	Version 7.0.3 ifix013
Ibm Engineering Lifecycle Management	Version 7.0.3 ifix014
Ibm Engineering Lifecycle Management	Version 7.0.3 ifix015
Ibm Engineering Lifecycle Management	Version 7.0.3 ifix016
Ibm Engineering Lifecycle Management	Version 7.0.3 ifix017
Ibm Engineering Lifecycle Management	Version 7.1.0
Ibm Engineering Lifecycle Management	Version 7.1.0 ifix0010
Ibm Engineering Lifecycle Management	Version 7.1.0 ifix001
Ibm Engineering Lifecycle Management	Version 7.1.0 ifix002
Ibm Engineering Lifecycle Management	Version 7.1.0 ifix003
Ibm Engineering Lifecycle Management	Version 7.1.0 ifix004

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (1)

https://www.ibm.com/support/pages/node/7258063

Source: psirt@us.ibm.com

Vendor Advisory

Timeline

No history available yet.