CVE-2026-3603

{"id": "CVE-2026-3603", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.2, "exploitabilityScore": 2.8}]}, "published": "2026-05-26T19:16:27.527", "references": [{"url": "https://www.ibm.com/support/pages/node/7274078", "tags": ["Vendor Advisory", "Patch"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "psirt@us.ibm.com", "description": [{"lang": "en", "value": "CWE-611"}]}], "descriptions": [{"lang": "en", "value": "IBM Engineering Lifecycle Management 7.0.3 Interim Fix 001 through\u00a0 Interim Fix 021, 7.1.0\u00a0 Interim Fix 001 through\u00a0 Interim Fix 009, and 7.2.0 and 7.2.0 Interim Fix 001 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. An authenticated attacker could exploit this vulnerability to expose sensitive information or consume memory resources."}], "lastModified": "2026-06-02T18:44:12.887", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA0582EF-251B-4694-8B17-EC0F70F10801"}, {"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:ifix002:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "209A6B2B-A3CE-4F5F-B1D0-36228625005D"}, {"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:ifix003:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8449CFAE-05C3-4212-AE0F-7B82E588D8A2"}, {"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:ifix004:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C68C005-C09B-427B-9206-F1CA70F72EE5"}, {"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:ifix005:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D712BB02-8954-4F1A-9940-7E547342410B"}, {"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:ifix006:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32B14BF7-43A6-4979-A3AD-369034486EFB"}, {"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:ifix007:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7DD02B82-C06B-4D2A-B8B8-633C8AE208EB"}, {"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:ifix008:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62D0DE8D-0986-4B04-972E-71053995C1CC"}, {"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:ifix009:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F83533F-043F-4073-A883-27A2834D6130"}, {"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:ifix010:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "34427171-70E0-474E-80DD-BDF46135CE4A"}, {"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:ifix011:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30B2FA43-5684-4A6B-9A5D-879E42C1A8B7"}, {"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:ifix012:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA376C3C-8509-4342-A54B-A21F031BF6C1"}, {"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:ifix013:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C7B4708-5BB9-4BB9-BEB4-8574F2872DA5"}, {"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:ifix014:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B839BEE-17AB-4776-B5F5-443E07CC6A18"}, {"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:ifix015:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42093B36-DC7E-41D8-B846-A943DD576FDD"}, {"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:ifix016:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2795CBD8-0F0B-4347-8499-33062AC0ED80"}, {"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:ifix017:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "39161861-4C6F-4F6C-961F-5FD142999AA8"}, {"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:ifix018:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "82039467-E458-4F12-96EA-0AC014831851"}, {"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:ifix019:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A389A247-0816-44A7-B4AE-EF218BCE9BC1"}, {"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:ifix020:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5DE20864-F382-46DD-B21D-50907BA18A87"}, {"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:ifix021:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9EDBD1C-AE4E-40C7-93D3-D2C48B558F19"}, {"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.1.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA9D4742-2C27-4515-86D8-69A2C8EF2910"}, {"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.1.0:ifix001:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6BE1B8B4-40CB-4B72-B71B-D321B0CD4CAA"}, {"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.1.0:ifix002:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "05AE7D18-38B4-4326-9A48-7B1BB4C72EC7"}, {"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.1.0:ifix003:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "15181084-D833-4777-836C-8E0CCE53342F"}, {"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.1.0:ifix004:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FDBAD00C-2DD4-4A13-B89E-55940B1598CB"}, {"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.1.0:ifix005:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24EAD89C-B98C-41A4-B6AF-FB9550392395"}, {"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.1.0:ifix006:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3AADA4BD-ADB2-4500-9AE6-AB6C0DF7DC84"}, {"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.1.0:ifix007:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE8F634A-2DA7-4772-AB14-472AE31C9ECD"}, {"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.1.0:ifix008:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "63A75D7F-6124-4AA5-8057-B6DBB2BFE7B8"}, {"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.1.0:ifix009:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1AEB66B1-1C3E-4510-A019-0DB791AEC72C"}, {"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.2.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B08E3BAA-0C9E-487E-954C-7561D1E4E482"}, {"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.2.0:ifix001:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AACF7171-A3EA-43E8-97AA-09269AB083CB"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}