CVE-2026-14979
IBM Engineering Lifecycle Management - Jazz Foundation is vulnerable to XML Entity Expansion attack
CVSS Score
5.3
EPSS Score
0.0%
EPSS Percentile
0th
IBM Engineering Lifecycle Management 7.0.3 ( Interim Fix 001 through ) Interim Fix 021, 7.1.0 ( Interim Fix 001 through ) Interim Fix 009, and 7.2.0 and 7.2.0 Interim Fix 001 DOORS could allow a remote attacker to cause a denial of service due to improper handling of XML entity expansion.
| CWE | CWE-776 |
| Vendor | ibm |
| Product | engineering lifecycle management |
| Published | Jul 17, 2026 |
Stay Ahead of the Next One
Get instant alerts for ibm engineering lifecycle management
Be the first to know when new medium vulnerabilities affecting ibm engineering lifecycle management are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low
Affected Versions
IBM / Engineering Lifecycle Management
7.0.3 ( Interim Fix 001 โค ) Interim Fix 021 7.1.0 ( Interim Fix 001 โค ) Interim Fix 009 7.2.0 and 7.2.0 Interim Fix 001