CVE-2025-36033
EUVD-2025-20681403.02.2026, 23:16
IBM Engineering Lifecycle Management - Global Configuration Management 7.0.3 through 7.0.3 Interim Fix 017, and 7.1.0 through 7.1.0 Interim Fix 004 IBM Global Configuration Management is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| ibm | engineering_lifecycle_management | 7.0.3 |
| ibm | engineering_lifecycle_management | 7.0.3:ifix002 |
| ibm | engineering_lifecycle_management | 7.0.3:ifix003 |
| ibm | engineering_lifecycle_management | 7.0.3:ifix004 |
| ibm | engineering_lifecycle_management | 7.0.3:ifix005 |
| ibm | engineering_lifecycle_management | 7.0.3:ifix006 |
| ibm | engineering_lifecycle_management | 7.0.3:ifix007 |
| ibm | engineering_lifecycle_management | 7.0.3:ifix008 |
| ibm | engineering_lifecycle_management | 7.0.3:ifix009 |
| ibm | engineering_lifecycle_management | 7.0.3:ifix010 |
| ibm | engineering_lifecycle_management | 7.0.3:ifix011 |
| ibm | engineering_lifecycle_management | 7.0.3:ifix012 |
| ibm | engineering_lifecycle_management | 7.0.3:ifix013 |
| ibm | engineering_lifecycle_management | 7.0.3:ifix014 |
| ibm | engineering_lifecycle_management | 7.0.3:ifix015 |
| ibm | engineering_lifecycle_management | 7.0.3:ifix016 |
| ibm | engineering_lifecycle_management | 7.0.3:ifix017 |
| ibm | engineering_lifecycle_management | 7.1.0 |
| ibm | engineering_lifecycle_management | 7.1.0:ifix001 |
| ibm | engineering_lifecycle_management | 7.1.0:ifix0010 |
| ibm | engineering_lifecycle_management | 7.1.0:ifix002 |
| ibm | engineering_lifecycle_management | 7.1.0:ifix003 |
| ibm | engineering_lifecycle_management | 7.1.0:ifix004 |
𝑥
= Vulnerable software versions