CVE-2026-3660 PUBLISHED

IBM Engineering Lifecycle Management - Jazz Foundation is vulnerable to Authentication Bypass

Assigner: ibm
Reserved: 06.03.2026 Published: 26.05.2026 Updated: 26.05.2026

IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an unauthenticated remote attacker to update server property files that would allow them to gain unauthorized access to the application.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 9.8

Product Status

Vendor IBM
Product Engineering Lifecycle Management
Versions Default: unaffected
  • affected from 7.0.3 to Interim Fix 021 (incl.)
  • affected from 7.1.0 to Interim Fix 009 (incl.)
  • affected from 7.2.0 to Interim Fix 001 (incl.)

Solutions

IBM strongly recommends addressing the vulnerability now by upgrading to the iFixes detailed below:

Affected Product(s) | Version(s) | Remediation/Fix/Instructions
IBM Engineering Lifecycle Management - Jazz Foundation | 7.0.3 | Download and install iFix022 https://www.ibm.com/support/fixcentral/swg/downloadFixes
IBM Engineering Lifecycle Management - Jazz Foundation | 7.1.0 | Download and install iFix010 https://www.ibm.com/support/fixcentral/swg/downloadFixes
IBM Engineering Lifecycle Management - Jazz Foundation | 7.2.0 | Download and install iFix002 https://www.ibm.com/support/fixcentral/swg/downloadFixes

Problem Types

  • CWE-863 Incorrect Authorization