PT-2026-43375 · Ibm · Engineering Lifecycle Management
Published
2026-05-26
·
Updated
2026-05-28
·
CVE-2026-3660
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
IBM Engineering Lifecycle Management versions 7.0.3 through Interim Fix 021
IBM Engineering Lifecycle Management versions 7.1.0 through Interim Fix 009
IBM Engineering Lifecycle Management versions 7.2.0 through Interim Fix 001
Description
An unauthenticated remote attacker can update server property files, which may lead to unauthorized access to the application.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Incorrect Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Engineering Lifecycle Management