{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-15395","assignerOrgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","state":"PUBLISHED","assignerShortName":"ibm","dateReserved":"2025-12-31T14:28:58.770Z","datePublished":"2026-02-02T15:10:56.983Z","dateUpdated":"2026-02-02T16:45:31.338Z"},"containers":{"cna":{"affected":[{"cpes":["cpe:2.3:a:ibm:jazz_foundation:7.0.3:*:*:*:*:*:*:*","cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix019:*:*:*:*:*:*","cpe:2.3:a:ibm:jazz_foundation:7.1.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:jazz_foundation:7.1.0:ifix005:*:*:*:*:*:*"],"defaultStatus":"unaffected","product":"Jazz Foundation","vendor":"IBM","versions":[{"lessThanOrEqual":"7.0.3 iFix019","status":"affected","version":"7.0.3","versionType":"semver"},{"lessThanOrEqual":"7.1.0 iFix005","status":"affected","version":"7.1.0","versionType":"semver"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"IBM Jazz Foundation 7.0.3 through 7.0.3 iFix019 and 7.1.0 through 7.1.0 iFix005 is vulnerable to access control violations that allows the users to view or access/perform actions beyond their expected capability.

"}],"value":"IBM Jazz Foundation 7.0.3 through 7.0.3 iFix019 and 7.1.0 through 7.1.0 iFix005 is vulnerable to access control violations that allows the users to view or access/perform actions beyond their expected capability."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":4.3,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"LOW","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-863","description":"CWE-863 Incorrect Authorization","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","shortName":"ibm","dateUpdated":"2026-02-02T15:10:56.983Z"},"references":[{"tags":["vendor-advisory","patch"],"url":"https://www.ibm.com/support/pages/node/7258304"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"

IBM recommends customers on ELM 7.0.1, 7.0.2 or any version below 7.0.3 to upgrade your products to Maintenance release 7.0.3 and apply below fix.

Optionally, upgrade to the latest 7.2.0 version.

Affected Product(s)Version(s)Remediation/Fix/Instructions

IBM Engineering Lifecycle Management - Jazz Foundation

7.0.3Download and install iFix020 or later

IBM Engineering Lifecycle Management - Jazz Foundation

7.1.0Download and install iFix006 or later


"}],"value":"IBM recommends customers on ELM 7.0.1, 7.0.2 or any version below 7.0.3 to upgrade your products to Maintenance release 7.0.3 and apply below fix.\n\nOptionally, upgrade to the latest 7.2.0 version.\n\nAffected Product(s)Version(s)Remediation/Fix/InstructionsIBM Engineering Lifecycle Management - Jazz Foundation\n\n7.0.3Download and install iFix020 https://www.ibm.com/support/fixcentral/swg/downloadFixes  or laterIBM Engineering Lifecycle Management - Jazz Foundation\n\n7.1.0Download and install iFix006 https://www.ibm.com/support/fixcentral/swg/downloadFixes  or later"}],"source":{"discovery":"UNKNOWN"},"title":"IBM Jazz Foundation access control violation","x_generator":{"engine":"Vulnogram 0.5.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-02-02T16:44:58.231516Z","id":"CVE-2025-15395","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-02-02T16:45:31.338Z"}}]}}