CVE-2026-3660 | THREATINT

Description

IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an unauthenticated remote attacker to update server property files that would allow them to gain unauthorized access to the application.

PUBLISHED Reserved 2026-03-06 | Published 2026-05-26 | Updated 2026-05-28 | Assigner ibm

CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-863 Incorrect Authorization

Product status

Default status

unaffected

7.0.3 (semver)

affected

7.1.0 (semver)

affected

7.2.0 (semver)

affected

References

www.ibm.com/support/pages/node/7274079 vendor-advisory patch

cve.org (CVE-2026-3660)

nvd.nist.gov (CVE-2026-3660)

Download JSON