VYPR
High severity7.1NVD Advisory· Published May 26, 2026· Updated Jun 2, 2026

CVE-2026-3603

CVE-2026-3603

Description

IBM Engineering Lifecycle Management 7.0.3 Interim Fix 001 through  Interim Fix 021, 7.1.0  Interim Fix 001 through  Interim Fix 009, and 7.2.0 and 7.2.0 Interim Fix 001 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. An authenticated attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

34
  • cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:-:*:*:*:*:*:*+ 32 more
    • cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:-:*:*:*:*:*:*
    • cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:ifix002:*:*:*:*:*:*
    • cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:ifix003:*:*:*:*:*:*
    • cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:ifix004:*:*:*:*:*:*
    • cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:ifix005:*:*:*:*:*:*
    • cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:ifix006:*:*:*:*:*:*
    • cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:ifix007:*:*:*:*:*:*
    • cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:ifix008:*:*:*:*:*:*
    • cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:ifix009:*:*:*:*:*:*
    • cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:ifix010:*:*:*:*:*:*
    • cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:ifix011:*:*:*:*:*:*
    • cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:ifix012:*:*:*:*:*:*
    • cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:ifix013:*:*:*:*:*:*
    • cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:ifix014:*:*:*:*:*:*
    • cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:ifix015:*:*:*:*:*:*
    • cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:ifix016:*:*:*:*:*:*
    • cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:ifix017:*:*:*:*:*:*
    • cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:ifix018:*:*:*:*:*:*
    • cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:ifix019:*:*:*:*:*:*
    • cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:ifix020:*:*:*:*:*:*
    • cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:ifix021:*:*:*:*:*:*
    • cpe:2.3:a:ibm:engineering_lifecycle_management:7.1.0:-:*:*:*:*:*:*
    • cpe:2.3:a:ibm:engineering_lifecycle_management:7.1.0:ifix001:*:*:*:*:*:*
    • cpe:2.3:a:ibm:engineering_lifecycle_management:7.1.0:ifix002:*:*:*:*:*:*
    • cpe:2.3:a:ibm:engineering_lifecycle_management:7.1.0:ifix003:*:*:*:*:*:*
    • cpe:2.3:a:ibm:engineering_lifecycle_management:7.1.0:ifix004:*:*:*:*:*:*
    • cpe:2.3:a:ibm:engineering_lifecycle_management:7.1.0:ifix005:*:*:*:*:*:*
    • cpe:2.3:a:ibm:engineering_lifecycle_management:7.1.0:ifix006:*:*:*:*:*:*
    • cpe:2.3:a:ibm:engineering_lifecycle_management:7.1.0:ifix007:*:*:*:*:*:*
    • cpe:2.3:a:ibm:engineering_lifecycle_management:7.1.0:ifix008:*:*:*:*:*:*
    • cpe:2.3:a:ibm:engineering_lifecycle_management:7.1.0:ifix009:*:*:*:*:*:*
    • cpe:2.3:a:ibm:engineering_lifecycle_management:7.2.0:-:*:*:*:*:*:*
    • cpe:2.3:a:ibm:engineering_lifecycle_management:7.2.0:ifix001:*:*:*:*:*:*
  • Range: >=7.0.3 Interim Fix 001 <=7.0.3 Interim Fix 021; >=7.1.0 Interim Fix 001 <=7.1.0 Interim Fix 009; =7.2.0, =7.2.0 Interim Fix 001

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.