Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.8
CVE-2026-3660: IBM Engineering Lifecycle Management allows unauthorized remote access
CVE-2026-3660
Summary
IBM Engineering Lifecycle Management versions 7.0.3 to 7.2.0 are affected. An attacker could potentially access your application without a password. Update to the latest interim fix to fix this issue.
Original title
IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an unauthenticated remote attacker to update server property files that would allow them to gain unauthorized access to the ...
Original description
IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an unauthenticated remote attacker to update server property files that would allow them to gain unauthorized access to the application.
nvd CVSS3.1
9.8
Vulnerability type
CWE-863
Incorrect Authorization
Published: 26 May 2026 · Updated: 28 May 2026 · First seen: 26 May 2026