CVE-2026-3660

EUVD-2026-31954
IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an unauthenticated remote attacker to update server property files that would allow them to gain unauthorized access to the application.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 43%
Affected Products (NVD)
VendorProductVersion
ibmengineering_lifecycle_management
7.0.3
ibmengineering_lifecycle_management
7.0.3:ifix002
ibmengineering_lifecycle_management
7.0.3:ifix003
ibmengineering_lifecycle_management
7.0.3:ifix004
ibmengineering_lifecycle_management
7.0.3:ifix005
ibmengineering_lifecycle_management
7.0.3:ifix006
ibmengineering_lifecycle_management
7.0.3:ifix007
ibmengineering_lifecycle_management
7.0.3:ifix008
ibmengineering_lifecycle_management
7.0.3:ifix009
ibmengineering_lifecycle_management
7.0.3:ifix010
ibmengineering_lifecycle_management
7.0.3:ifix011
ibmengineering_lifecycle_management
7.0.3:ifix012
ibmengineering_lifecycle_management
7.0.3:ifix013
ibmengineering_lifecycle_management
7.0.3:ifix014
ibmengineering_lifecycle_management
7.0.3:ifix015
ibmengineering_lifecycle_management
7.0.3:ifix016
ibmengineering_lifecycle_management
7.0.3:ifix017
ibmengineering_lifecycle_management
7.0.3:ifix018
ibmengineering_lifecycle_management
7.0.3:ifix019
ibmengineering_lifecycle_management
7.0.3:ifix020
ibmengineering_lifecycle_management
7.0.3:ifix021
ibmengineering_lifecycle_management
7.1.0
ibmengineering_lifecycle_management
7.1.0:ifix001
ibmengineering_lifecycle_management
7.1.0:ifix002
ibmengineering_lifecycle_management
7.1.0:ifix003
ibmengineering_lifecycle_management
7.1.0:ifix004
ibmengineering_lifecycle_management
7.1.0:ifix005
ibmengineering_lifecycle_management
7.1.0:ifix006
ibmengineering_lifecycle_management
7.1.0:ifix007
ibmengineering_lifecycle_management
7.1.0:ifix008
ibmengineering_lifecycle_management
7.1.0:ifix009
ibmengineering_lifecycle_management
7.2.0
ibmengineering_lifecycle_management
7.2.0:ifix001
𝑥
= Vulnerable software versions