Unrated severityNVD Advisory· Published Aug 24, 2025· Updated Feb 26, 2026

IBM Engineering Lifecycle Management incorrect authorization

CVE-2025-36157

Description

IBM Jazz Foundation 7.0.2 to 7.0.2 iFix035, 7.0.3 to 7.0.3 iFix018, and 7.1.0 to 7.1.0 iFix004 could allow an unauthenticated remote attacker to update server property files that would allow them to perform unauthorized actions.

Affected products

IBM/Engineering Lifecycle Managementv5
cpe:2.3:a:ibm:jazz_foundation:7.0.2:*:*:*:*:*:*:*
Range: 7.0.2
IBM/Jazz Foundationllm-fuzzy
Range: 7.0.2-7.0.2 iFix035, 7.0.3-7.0.3 iFix018, 7.1.0-7.1.0 iFix004

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.ibm.com/support/pages/node/7242925mitrevendor-advisorypatch

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000