CVE-2025-36157

IBM Engineering Lifecycle Management incorrect authorization

CVSS 9.8 CRITICALEPSS 0.5%CWE-863

IBM Jazz Foundation 7.0.2 to 7.0.2 iFix035, 7.0.3 to 7.0.3 iFix018, and 7.1.0 to 7.1.0 iFix004 could allow an unauthenticated remote attacker to update server property files that would allow them to perform unauthorized actions.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Produtos afetados

IBM · Engineering Lifecycle Management

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://www.ibm.com/support/pages/node/7242925