CVE-2026-4051 PUBLISHED

IBM Engineering Lifecycle Management - Jazz Foundation is vulnerable to Server Post-Auth Remote Code Execution

Assigner: ibm
Reserved: 12.03.2026 Published: 26.05.2026 Updated: 27.05.2026

IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an attacker with administrative privileges to execute remote code due to an exposed method that is not properly restricted.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 7.2

Product Status

Vendor IBM
Product Engineering Lifecycle Management
Versions Default: unaffected
  • affected from 7.0.3 to Interim Fix 021 (incl.)
  • affected from 7.1.0 to Interim Fix 009 (incl.)
  • affected from 7.2.0 to Interim Fix 001 (incl.)

Solutions

IBM strongly recommends addressing the vulnerability now by upgrading to the iFixes detailed below:

Affected Product(s) | Version(s) | Remediation/Fix/Instructions
IBM Engineering Lifecycle Management - Jazz Foundation | 7.0.3 | Download and install iFix022 https://www.ibm.com/support/fixcentral/swg/downloadFixes
IBM Engineering Lifecycle Management - Jazz Foundation | 7.1.0 | Download and install iFix010 https://www.ibm.com/support/fixcentral/swg/downloadFixes
IBM Engineering Lifecycle Management - Jazz Foundation | 7.2.0 | Download and install iFix002 https://www.ibm.com/support/fixcentral/swg/downloadFixes

Problem Types

  • CWE-749 Exposed Dangerous Method or Function