IBM Engineering Lifecycle Management 7.0.3 ( Interim Fix 001 through ) Interim Fix 021, 7.1.0 ( Interim Fix 001 through ) Interim Fix 009, and 7.2.0 and 7.2.0 Interim Fix 001 DOORS could allow a remote attacker to cause a denial of service due to improper handling of XML entity expansion.

Project Subscriptions

Vendors Products
Engineering Lifecycle Management Subscribe
Advisories

No advisories yet.

Fixes

Solution

IBM strongly recommends addressing the vulnerability now by upgrading to iFixes detailed below: Affected Product(s)Version(s)Remediation/Fix/Instructions IBM Engineering Lifecycle Management - Jazz Foundation 7.0.3Download and install  iFix022 https://www.ibm.com/support/fixcentral/swg/downloadFixes IBM Engineering Lifecycle Management - Jazz Foundation 7.1.0Download and install  iFix010 https://www.ibm.com/support/fixcentral/swg/downloadFixes IBM Engineering Lifecycle Management - Jazz Foundation 7.2.0Download and install  iFix002 https://www.ibm.com/support/fixcentral/swg/downloadFixes


Workaround

No workaround given by the vendor.

History

Fri, 17 Jul 2026 20:15:00 +0000

Type Values Removed Values Added
Description IBM Engineering Lifecycle Management 7.0.3 ( Interim Fix 001 through ) Interim Fix 021, 7.1.0 ( Interim Fix 001 through ) Interim Fix 009, and 7.2.0 and 7.2.0 Interim Fix 001 DOORS could allow a remote attacker to cause a denial of service due to improper handling of XML entity expansion.
Title IBM Engineering Lifecycle Management - Jazz Foundation is vulnerable to XML Entity Expansion attack
First Time appeared Ibm
Ibm engineering Lifecycle Management
Weaknesses CWE-776
CPEs cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:interim_fix_001:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.3:interim_fix_021:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_lifecycle_management:7.1.0:interim_fix_001:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_lifecycle_management:7.1.0:interim_fix_009:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_lifecycle_management:7.2.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:engineering_lifecycle_management:7.2.0:interim_fix_001:*:*:*:*:*:*
Vendors & Products Ibm
Ibm engineering Lifecycle Management
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}


Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-07-17T19:49:10.380Z

Reserved: 2026-07-07T16:58:17.358Z

Link: CVE-2026-14979

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-17T22:00:04Z

Weaknesses