CVE-2025-36157

IBM Engineering Lifecycle Management incorrect authorization

CVSS 9.8 CRITICALEPSS 0.5%CWE-863

IBM Jazz Foundation 7.0.2 to 7.0.2 iFix035, 7.0.3 to 7.0.3 iFix018, and 7.1.0 to 7.1.0 iFix004 could allow an unauthenticated remote attacker to update server property files that would allow them to perform unauthorized actions.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Productos afectados

IBM · Engineering Lifecycle Management

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://www.ibm.com/support/pages/node/7242925