CVE-2025-36157

Summary

IBM Jazz Foundation 7.0.2 to 7.0.2 iFix035, 7.0.3 to 7.0.3 iFix018, and 7.1.0 to 7.1.0 iFix004 could allow an unauthenticated remote attacker to update server property files that would allow them to perform unauthorized actions.

Affected Software

VendorProductVersion RangeStatus
IBMEngineering Lifecycle Management7.0.2 <= 7.0.2 iFix035affected
IBMEngineering Lifecycle Management7.0.3 <= 7.0.3 iFix018affected
IBMEngineering Lifecycle Management7.1.0 <= 7.1.0 iFix004affected

Weaknesses

  • CWE-863: CWE-863 Incorrect Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References