Description
IBM Engineering Lifecycle Management 7.0.3 ( Interim Fix 001 through ) Interim Fix 021, 7.1.0 ( Interim Fix 001 through ) Interim Fix 009, and 7.2.0 and 7.2.0 Interim Fix 001 DOORS could allow a remote attacker to cause a denial of service due to improper handling of XML entity expansion.
Published: 2026-07-17
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

Vendor Solution

IBM strongly recommends addressing the vulnerability now by upgrading to iFixes detailed below: Affected Product(s)Version(s)Remediation/Fix/Instructions IBM Engineering Lifecycle Management - Jazz Foundation 7.0.3Download and install  iFix022 https://www.ibm.com/support/fixcentral/swg/downloadFixes IBM Engineering Lifecycle Management - Jazz Foundation 7.1.0Download and install  iFix010 https://www.ibm.com/support/fixcentral/swg/downloadFixes IBM Engineering Lifecycle Management - Jazz Foundation 7.2.0Download and install  iFix002 https://www.ibm.com/support/fixcentral/swg/downloadFixes

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 17 Jul 2026 20:15:00 +0000

Type Values Removed Values Added
Description IBM Engineering Lifecycle Management 7.0.3 ( Interim Fix 001 through ) Interim Fix 021, 7.1.0 ( Interim Fix 001 through ) Interim Fix 009, and 7.2.0 and 7.2.0 Interim Fix 001 DOORS could allow a remote attacker to cause a denial of service due to improper handling of XML entity expansion.
Title IBM Engineering Lifecycle Management - Jazz Foundation is vulnerable to XML Entity Expansion attack
First Time appeared Ibm
Ibm engineering Lifecycle Management
Weaknesses CWE-776
CPEs cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:interim_fix_001:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:interim_fix_021:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_lifecycle_management:7.1.0:interim_fix_001:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_lifecycle_management:7.1.0:interim_fix_009:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_lifecycle_management:7.2.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_lifecycle_management:7.2.0:interim_fix_001:*:*:*:*:*:*
Vendors & Products Ibm
Ibm engineering Lifecycle Management
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}


Subscriptions

Ibm Engineering Lifecycle Management
cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-07-17T19:49:10.380Z

Reserved: 2026-07-07T16:58:17.358Z

Link: CVE-2026-14979

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses