{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-36157","assignerOrgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","state":"PUBLISHED","assignerShortName":"ibm","dateReserved":"2025-04-15T21:16:20.813Z","datePublished":"2025-08-24T01:14:41.359Z","dateUpdated":"2026-02-26T17:48:14.120Z"},"containers":{"cna":{"affected":[{"cpes":["cpe:2.3:a:ibm:jazz_foundation:7.0.2:*:*:*:*:*:*:*","cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix035:*:*:*:*:*:*","cpe:2.3:a:ibm:jazz_foundation:7.0.3:*:*:*:*:*:*:*","cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix018:*:*:*:*:*:*","cpe:2.3:a:ibm:jazz_foundation:7.1.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:jazz_foundation:7.1.0:ifix004:*:*:*:*:*:*"],"defaultStatus":"unaffected","product":"Engineering Lifecycle Management","vendor":"IBM","versions":[{"lessThanOrEqual":"7.0.2 iFix035","status":"affected","version":"7.0.2","versionType":"semver"},{"lessThanOrEqual":"7.0.3 iFix018","status":"affected","version":"7.0.3","versionType":"semver"},{"lessThanOrEqual":"7.1.0 iFix004","status":"affected","version":"7.1.0","versionType":"semver"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"IBM Jazz Foundation 7.0.2 to 7.0.2 iFix035, 7.0.3 to 7.0.3 iFix018, and 7.1.0 to 7.1.0 iFix004 could allow an unauthenticated remote attacker to update server property files that would allow them to perform unauthorized actions."}],"value":"IBM Jazz Foundation 7.0.2 to 7.0.2 iFix035, 7.0.3 to 7.0.3 iFix018, and 7.1.0 to 7.1.0 iFix004 could allow an unauthenticated remote attacker to update server property files that would allow them to perform unauthorized actions."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-863","description":"CWE-863 Incorrect Authorization","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","shortName":"ibm","dateUpdated":"2025-08-26T14:46:31.452Z"},"references":[{"tags":["vendor-advisory","patch"],"url":"https://www.ibm.com/support/pages/node/7242925"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>IBM strongly recommends addressing the vulnerability now by upgrading to iFixes detailed below:</p><p>IBM recommends customers on ELM 7.0, 7.0.1 or any version below 7.0.2 to upgrade your products to Maintenance release 7.0.2. Optionally, upgrade to the latest 7.1.0 version and apply below fix. </p><div><table><tbody><tr><td><strong>Affected Product(s)</strong></td><td><strong>Version(s)</strong></td><td><strong>Remediation/Fix/Instructions</strong></td></tr><tr><td>IBM Engineering Lifecycle Management - Jazz Foundation</td><td>7.0.2</td><td>Download and install <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering&amp;product=ibm/Rational/IBM+Engineering+Lifecycle+Management&amp;release=7.0.2&amp;platform=All&amp;function=fixId&amp;fixids=7.0.2-IBM-ELM-iFix035-sec&amp;includeRequisites=1&amp;includeSupersedes=0&amp;downloadMethod=http\">7.0.2 iFix035-sec</a>&nbsp;or later</td></tr><tr><td>IBM Engineering Lifecycle Management - Jazz Foundation</td><td>7.0.3</td><td>Download and install <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering&amp;product=ibm/Rational/IBM+Engineering+Lifecycle+Management&amp;release=7.0.3&amp;platform=All&amp;function=fixId&amp;fixids=7.0.3-IBM-ELM-iFix018-sec&amp;includeRequisites=1&amp;includeSupersedes=0&amp;downloadMethod=http\">7.0.3 iFix018-sec</a>&nbsp;or later</td></tr><tr><td>IBM Engineering Lifecycle Management - Jazz Foundation</td><td>7.1.0</td><td>Download and install <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering&amp;product=ibm/Rational/IBM+Engineering+Lifecycle+Management&amp;release=7.1&amp;platform=All&amp;function=fixId&amp;fixids=7.1-IBM-ELM-iFix004-sec&amp;includeRequisites=1&amp;includeSupersedes=0&amp;downloadMethod=http&amp;login=true\">7.1.0 iFix004-sec</a>&nbsp;or later</td></tr></tbody></table></div><div>&nbsp;</div><div><div>Apart from installing these iFixes, kindly perform the following additional step as mentioned below:</div><br><div>1. Set the Advanced property named \"setup.isRegistrationHandlerServiceOpen\" to \"False\" under Jazz Team Server (JTS) &gt; Server Administration &gt; Advanced property page and save your changes.</div></div>\n\n<br>"}],"value":"IBM strongly recommends addressing the vulnerability now by upgrading to iFixes detailed below:\n\nIBM recommends customers on ELM 7.0, 7.0.1 or any version below 7.0.2 to upgrade your products to Maintenance release 7.0.2. Optionally, upgrade to the latest 7.1.0 version and apply below fix. \n\nAffected Product(s)Version(s)Remediation/Fix/InstructionsIBM Engineering Lifecycle Management - Jazz Foundation7.0.2Download and install  7.0.2 iFix035-sec https://www.ibm.com/support/fixcentral/swg/downloadFixes  or laterIBM Engineering Lifecycle Management - Jazz Foundation7.0.3Download and install  7.0.3 iFix018-sec https://www.ibm.com/support/fixcentral/swg/downloadFixes  or laterIBM Engineering Lifecycle Management - Jazz Foundation7.1.0Download and install  7.1.0 iFix004-sec https://www.ibm.com/support/fixcentral/swg/downloadFixes  or later\n\n \n\nApart from installing these iFixes, kindly perform the following additional step as mentioned below:\n\n\n1. Set the Advanced property named \"setup.isRegistrationHandlerServiceOpen\" to \"False\" under Jazz Team Server (JTS) > Server Administration > Advanced property page and save your changes."}],"source":{"discovery":"UNKNOWN"},"title":"IBM Engineering Lifecycle Management incorrect authorization","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2025-36157","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2025-08-26T03:55:29.154103Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-02-26T17:48:14.120Z"}}]}}