CVE-2026-3660

Published: May 26, 2026Modified: May 29, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: psirt@us.ibm.com (Secondary)

Description

IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an unauthenticated remote attacker to update server property files that would allow them to gain unauthorized access to the application.

Affected (33)

Products: Ibm: Engineering Lifecycle Management

Ibm

1 product

Engineering Lifecycle Management

Configuration A

33 vulnerable

Vulnerable Software	Affected Versions
Ibm Engineering Lifecycle Management	Version 7.0.3
Ibm Engineering Lifecycle Management	Version 7.0.3 ifix002
Ibm Engineering Lifecycle Management	Version 7.0.3 ifix003
Ibm Engineering Lifecycle Management	Version 7.0.3 ifix004
Ibm Engineering Lifecycle Management	Version 7.0.3 ifix005
Ibm Engineering Lifecycle Management	Version 7.0.3 ifix006
Ibm Engineering Lifecycle Management	Version 7.0.3 ifix007
Ibm Engineering Lifecycle Management	Version 7.0.3 ifix008
Ibm Engineering Lifecycle Management	Version 7.0.3 ifix009
Ibm Engineering Lifecycle Management	Version 7.0.3 ifix010
Ibm Engineering Lifecycle Management	Version 7.0.3 ifix011
Ibm Engineering Lifecycle Management	Version 7.0.3 ifix012
Ibm Engineering Lifecycle Management	Version 7.0.3 ifix013
Ibm Engineering Lifecycle Management	Version 7.0.3 ifix014
Ibm Engineering Lifecycle Management	Version 7.0.3 ifix015
Ibm Engineering Lifecycle Management	Version 7.0.3 ifix016
Ibm Engineering Lifecycle Management	Version 7.0.3 ifix017
Ibm Engineering Lifecycle Management	Version 7.0.3 ifix018
Ibm Engineering Lifecycle Management	Version 7.0.3 ifix019
Ibm Engineering Lifecycle Management	Version 7.0.3 ifix020
Ibm Engineering Lifecycle Management	Version 7.0.3 ifix021
Ibm Engineering Lifecycle Management	Version 7.1.0
Ibm Engineering Lifecycle Management	Version 7.1.0 ifix001
Ibm Engineering Lifecycle Management	Version 7.1.0 ifix002
Ibm Engineering Lifecycle Management	Version 7.1.0 ifix003
Ibm Engineering Lifecycle Management	Version 7.1.0 ifix004
Ibm Engineering Lifecycle Management	Version 7.1.0 ifix005
Ibm Engineering Lifecycle Management	Version 7.1.0 ifix006
Ibm Engineering Lifecycle Management	Version 7.1.0 ifix007
Ibm Engineering Lifecycle Management	Version 7.1.0 ifix008
Ibm Engineering Lifecycle Management	Version 7.1.0 ifix009
Ibm Engineering Lifecycle Management	Version 7.2.0
Ibm Engineering Lifecycle Management	Version 7.2.0 ifix001

Related CWEs

CWE-863

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (1)

https://www.ibm.com/support/pages/node/7274079

Source: psirt@us.ibm.com

Vendor Advisory

Timeline

No history available yet.