High severity7.1NVD Advisory· Published May 26, 2026· Updated Jun 2, 2026
CVE-2026-3603
CVE-2026-3603
Description
IBM Engineering Lifecycle Management 7.0.3 Interim Fix 001 through Interim Fix 021, 7.1.0 Interim Fix 001 through Interim Fix 009, and 7.2.0 and 7.2.0 Interim Fix 001 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. An authenticated attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
34cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:-:*:*:*:*:*:*+ 32 more
- cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:-:*:*:*:*:*:*
- cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:ifix002:*:*:*:*:*:*
- cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:ifix003:*:*:*:*:*:*
- cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:ifix004:*:*:*:*:*:*
- cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:ifix005:*:*:*:*:*:*
- cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:ifix006:*:*:*:*:*:*
- cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:ifix007:*:*:*:*:*:*
- cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:ifix008:*:*:*:*:*:*
- cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:ifix009:*:*:*:*:*:*
- cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:ifix010:*:*:*:*:*:*
- cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:ifix011:*:*:*:*:*:*
- cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:ifix012:*:*:*:*:*:*
- cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:ifix013:*:*:*:*:*:*
- cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:ifix014:*:*:*:*:*:*
- cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:ifix015:*:*:*:*:*:*
- cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:ifix016:*:*:*:*:*:*
- cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:ifix017:*:*:*:*:*:*
- cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:ifix018:*:*:*:*:*:*
- cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:ifix019:*:*:*:*:*:*
- cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:ifix020:*:*:*:*:*:*
- cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:ifix021:*:*:*:*:*:*
- cpe:2.3:a:ibm:engineering_lifecycle_management:7.1.0:-:*:*:*:*:*:*
- cpe:2.3:a:ibm:engineering_lifecycle_management:7.1.0:ifix001:*:*:*:*:*:*
- cpe:2.3:a:ibm:engineering_lifecycle_management:7.1.0:ifix002:*:*:*:*:*:*
- cpe:2.3:a:ibm:engineering_lifecycle_management:7.1.0:ifix003:*:*:*:*:*:*
- cpe:2.3:a:ibm:engineering_lifecycle_management:7.1.0:ifix004:*:*:*:*:*:*
- cpe:2.3:a:ibm:engineering_lifecycle_management:7.1.0:ifix005:*:*:*:*:*:*
- cpe:2.3:a:ibm:engineering_lifecycle_management:7.1.0:ifix006:*:*:*:*:*:*
- cpe:2.3:a:ibm:engineering_lifecycle_management:7.1.0:ifix007:*:*:*:*:*:*
- cpe:2.3:a:ibm:engineering_lifecycle_management:7.1.0:ifix008:*:*:*:*:*:*
- cpe:2.3:a:ibm:engineering_lifecycle_management:7.1.0:ifix009:*:*:*:*:*:*
- cpe:2.3:a:ibm:engineering_lifecycle_management:7.2.0:-:*:*:*:*:*:*
- cpe:2.3:a:ibm:engineering_lifecycle_management:7.2.0:ifix001:*:*:*:*:*:*
- Range: >=7.0.3 Interim Fix 001 <=7.0.3 Interim Fix 021; >=7.1.0 Interim Fix 001 <=7.1.0 Interim Fix 009; =7.2.0, =7.2.0 Interim Fix 001
Patches
Vulnerability mechanics
References
1- www.ibm.com/support/pages/node/7274078nvdVendor AdvisoryPatch
News mentions
0No linked articles in our index yet.