CVE-2026-3603

EUVD-2026-31952
IBM Engineering Lifecycle Management 7.0.3 Interim Fix 001 through  Interim Fix 021, 7.1.0  Interim Fix 001 through  Interim Fix 009, and 7.2.0 and 7.2.0 Interim Fix 001 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. An authenticated attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.1 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 27%
Affected Products (NVD)
VendorProductVersion
ibmengineering_lifecycle_management
7.0.3
ibmengineering_lifecycle_management
7.0.3:ifix002
ibmengineering_lifecycle_management
7.0.3:ifix003
ibmengineering_lifecycle_management
7.0.3:ifix004
ibmengineering_lifecycle_management
7.0.3:ifix005
ibmengineering_lifecycle_management
7.0.3:ifix006
ibmengineering_lifecycle_management
7.0.3:ifix007
ibmengineering_lifecycle_management
7.0.3:ifix008
ibmengineering_lifecycle_management
7.0.3:ifix009
ibmengineering_lifecycle_management
7.0.3:ifix010
ibmengineering_lifecycle_management
7.0.3:ifix011
ibmengineering_lifecycle_management
7.0.3:ifix012
ibmengineering_lifecycle_management
7.0.3:ifix013
ibmengineering_lifecycle_management
7.0.3:ifix014
ibmengineering_lifecycle_management
7.0.3:ifix015
ibmengineering_lifecycle_management
7.0.3:ifix016
ibmengineering_lifecycle_management
7.0.3:ifix017
ibmengineering_lifecycle_management
7.0.3:ifix018
ibmengineering_lifecycle_management
7.0.3:ifix019
ibmengineering_lifecycle_management
7.0.3:ifix020
ibmengineering_lifecycle_management
7.0.3:ifix021
ibmengineering_lifecycle_management
7.1.0
ibmengineering_lifecycle_management
7.1.0:ifix001
ibmengineering_lifecycle_management
7.1.0:ifix002
ibmengineering_lifecycle_management
7.1.0:ifix003
ibmengineering_lifecycle_management
7.1.0:ifix004
ibmengineering_lifecycle_management
7.1.0:ifix005
ibmengineering_lifecycle_management
7.1.0:ifix006
ibmengineering_lifecycle_management
7.1.0:ifix007
ibmengineering_lifecycle_management
7.1.0:ifix008
ibmengineering_lifecycle_management
7.1.0:ifix009
ibmengineering_lifecycle_management
7.2.0
ibmengineering_lifecycle_management
7.2.0:ifix001
𝑥
= Vulnerable software versions