{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-15395", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2025-12-31T14:28:58.770Z", "datePublished": "2026-02-02T15:10:56.983Z", "dateUpdated": "2026-02-02T16:45:31.338Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:ibm:jazz_foundation:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix019:*:*:*:*:*:*", "cpe:2.3:a:ibm:jazz_foundation:7.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:jazz_foundation:7.1.0:ifix005:*:*:*:*:*:*"], "defaultStatus": "unaffected", "product": "Jazz Foundation", "vendor": "IBM", "versions": [{"lessThanOrEqual": "7.0.3 iFix019", "status": "affected", "version": "7.0.3", "versionType": "semver"}, {"lessThanOrEqual": "7.1.0 iFix005", "status": "affected", "version": "7.1.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "IBM Jazz Foundation&nbsp;<span style=\"background-color: rgb(255, 255, 255);\"><span style=\"background-color: rgb(255, 255, 255);\">7.0.3 through&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">7.0.3 iFix019 and&nbsp;</span></span><span style=\"background-color: rgb(255, 255, 255);\">7.1.0 through&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">7.1.0 iFix005</span></span><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">is vulnerable to access control violations that allows the users to view or access/perform actions beyond their expected capability.</span><br></span></span><br>"}], "value": "IBM Jazz Foundation\u00a07.0.3 through\u00a07.0.3 iFix019 and\u00a07.1.0 through\u00a07.1.0 iFix005\u00a0is vulnerable to access control violations that allows the users to view or access/perform actions beyond their expected capability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2026-02-02T15:10:56.983Z"}, "references": [{"tags": ["vendor-advisory", "patch"], "url": "https://www.ibm.com/support/pages/node/7258304"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>IBM recommends customers on ELM 7.0.1, 7.0.2 or any version below 7.0.3 to upgrade your products to Maintenance release 7.0.3 and apply below fix.</p><p>Optionally, upgrade to the latest 7.2.0 version.</p><div><table><tbody><tr><td><strong>Affected Product(s)</strong></td><td><strong>Version(s)</strong></td><td><strong>Remediation/Fix/Instructions</strong></td></tr><tr><td><p>IBM Engineering Lifecycle Management - Jazz Foundation</p></td><td>7.0.3</td><td>Download and install <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering&amp;product=ibm/Rational/IBM+Engineering+Lifecycle+Management&amp;release=7.0.3&amp;platform=All&amp;function=fixId&amp;fixids=7.0.3-IBM-ELM-iFix020&amp;includeRequisites=0&amp;includeSupersedes=0&amp;downloadMethod=http\">iFix020</a>&nbsp;or later</td></tr><tr><td><p>IBM Engineering Lifecycle Management - Jazz Foundation</p></td><td>7.1.0</td><td>Download and install <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering&amp;product=ibm/Rational/IBM+Engineering+Lifecycle+Management&amp;release=7.1&amp;platform=All&amp;function=fixId&amp;fixids=7.1-IBM-ELM-iFix006&amp;includeRequisites=0&amp;includeSupersedes=0&amp;downloadMethod=http\">iFix006</a>&nbsp;or later</td></tr></tbody></table></div><br><br>"}], "value": "IBM recommends customers on ELM 7.0.1, 7.0.2 or any version below 7.0.3 to upgrade your products to Maintenance release 7.0.3 and apply below fix.\n\nOptionally, upgrade to the latest 7.2.0 version.\n\nAffected Product(s)Version(s)Remediation/Fix/InstructionsIBM Engineering Lifecycle Management - Jazz Foundation\n\n7.0.3Download and install iFix020 https://www.ibm.com/support/fixcentral/swg/downloadFixes \u00a0or laterIBM Engineering Lifecycle Management - Jazz Foundation\n\n7.1.0Download and install iFix006 https://www.ibm.com/support/fixcentral/swg/downloadFixes \u00a0or later"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM Jazz Foundation access control violation", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-02T16:44:58.231516Z", "id": "CVE-2025-15395", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-02T16:45:31.338Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-15395", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-02T16:44:58.231516Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-02T16:45:23.182Z"}}], "cna": {"title": "IBM Jazz Foundation access control violation", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:ibm:jazz_foundation:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix019:*:*:*:*:*:*", "cpe:2.3:a:ibm:jazz_foundation:7.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:jazz_foundation:7.1.0:ifix005:*:*:*:*:*:*"], "vendor": "IBM", "product": "Jazz Foundation", "versions": [{"status": "affected", "version": "7.0.3", "versionType": "semver", "lessThanOrEqual": "7.0.3 iFix019"}, {"status": "affected", "version": "7.1.0", "versionType": "semver", "lessThanOrEqual": "7.1.0 iFix005"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "IBM recommends customers on ELM 7.0.1, 7.0.2 or any version below 7.0.3 to upgrade your products to Maintenance release 7.0.3 and apply below fix.\n\nOptionally, upgrade to the latest 7.2.0 version.\n\nAffected Product(s)Version(s)Remediation/Fix/InstructionsIBM Engineering Lifecycle Management - Jazz Foundation\n\n7.0.3Download and install iFix020 https://www.ibm.com/support/fixcentral/swg/downloadFixes \u00a0or laterIBM Engineering Lifecycle Management - Jazz Foundation\n\n7.1.0Download and install iFix006 https://www.ibm.com/support/fixcentral/swg/downloadFixes \u00a0or later", "supportingMedia": [{"type": "text/html", "value": "<p>IBM recommends customers on ELM 7.0.1, 7.0.2 or any version below 7.0.3 to upgrade your products to Maintenance release 7.0.3 and apply below fix.</p><p>Optionally, upgrade to the latest 7.2.0 version.</p><div><table><tbody><tr><td><strong>Affected Product(s)</strong></td><td><strong>Version(s)</strong></td><td><strong>Remediation/Fix/Instructions</strong></td></tr><tr><td><p>IBM Engineering Lifecycle Management - Jazz Foundation</p></td><td>7.0.3</td><td>Download and install <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering&amp;product=ibm/Rational/IBM+Engineering+Lifecycle+Management&amp;release=7.0.3&amp;platform=All&amp;function=fixId&amp;fixids=7.0.3-IBM-ELM-iFix020&amp;includeRequisites=0&amp;includeSupersedes=0&amp;downloadMethod=http\">iFix020</a>&nbsp;or later</td></tr><tr><td><p>IBM Engineering Lifecycle Management - Jazz Foundation</p></td><td>7.1.0</td><td>Download and install <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering&amp;product=ibm/Rational/IBM+Engineering+Lifecycle+Management&amp;release=7.1&amp;platform=All&amp;function=fixId&amp;fixids=7.1-IBM-ELM-iFix006&amp;includeRequisites=0&amp;includeSupersedes=0&amp;downloadMethod=http\">iFix006</a>&nbsp;or later</td></tr></tbody></table></div><br><br>", "base64": false}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7258304", "tags": ["vendor-advisory", "patch"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "IBM Jazz Foundation\u00a07.0.3 through\u00a07.0.3 iFix019 and\u00a07.1.0 through\u00a07.1.0 iFix005\u00a0is vulnerable to access control violations that allows the users to view or access/perform actions beyond their expected capability.", "supportingMedia": [{"type": "text/html", "value": "IBM Jazz Foundation&nbsp;<span style=\"background-color: rgb(255, 255, 255);\"><span style=\"background-color: rgb(255, 255, 255);\">7.0.3 through&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">7.0.3 iFix019 and&nbsp;</span></span><span style=\"background-color: rgb(255, 255, 255);\">7.1.0 through&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">7.1.0 iFix005</span></span><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">is vulnerable to access control violations that allows the users to view or access/perform actions beyond their expected capability.</span><br></span></span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2026-02-02T15:10:56.983Z"}}}, "cveMetadata": {"cveId": "CVE-2025-15395", "state": "PUBLISHED", "dateUpdated": "2026-02-02T16:45:31.338Z", "dateReserved": "2025-12-31T14:28:58.770Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2026-02-02T15:10:56.983Z", "assignerShortName": "ibm"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Jazz Foundation\u00a07.0.3 through\u00a07.0.3 iFix019 and\u00a07.1.0 through\u00a07.1.0 iFix005\u00a0is vulnerable to access control violations that allows the users to view or access/perform actions beyond their expected capability."}], "id": "CVE-2025-15395", "lastModified": "2026-02-02T16:16:18.187", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Primary"}]}, "published": "2026-02-02T16:16:18.187", "references": [{"source": "psirt@us.ibm.com", "url": "https://www.ibm.com/support/pages/node/7258304"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "psirt@us.ibm.com", "type": "Primary"}]}

{}

{}