CVE-2026-3660

Summary

IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an unauthenticated remote attacker to update server property files that would allow them to gain unauthorized access to the application.

Affected Software

VendorProductVersion RangeStatus
IBMEngineering Lifecycle Management7.0.3 <= Interim Fix 021affected
IBMEngineering Lifecycle Management7.1.0 <= Interim Fix 009affected
IBMEngineering Lifecycle Management7.2.0 <= Interim Fix 001affected

Weaknesses

  • CWE-863: CWE-863 Incorrect Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References