Metrics
Affected Vendors & Products
Solution
IBM strongly recommends addressing the vulnerability now by upgrading to iFixes detailed below: IBM recommends customers on ELM 7.0, 7.0.1 or any version below 7.0.2 to upgrade your products to Maintenance release 7.0.2. Optionally, upgrade to the latest 7.1.0 version and apply below fix. Affected Product(s)Version(s)Remediation/Fix/InstructionsIBM Engineering Lifecycle Management - Jazz Foundation7.0.2Download and install 7.0.2 iFix035-sec https://www.ibm.com/support/fixcentral/swg/downloadFixes or laterIBM Engineering Lifecycle Management - Jazz Foundation7.0.3Download and install 7.0.3 iFix018-sec https://www.ibm.com/support/fixcentral/swg/downloadFixes or laterIBM Engineering Lifecycle Management - Jazz Foundation7.1.0Download and install 7.1.0 iFix004-sec https://www.ibm.com/support/fixcentral/swg/downloadFixes or later Apart from installing these iFixes, kindly perform the following additional step as mentioned below: 1. Set the Advanced property named "setup.isRegistrationHandlerServiceOpen" to "False" under Jazz Team Server (JTS) > Server Administration > Advanced property page and save your changes.
Workaround
No workaround given by the vendor.
Link | Providers |
---|---|
https://www.ibm.com/support/pages/node/7242925 |
![]() ![]() |
Tue, 26 Aug 2025 15:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Title | IBM Jazz Foundation incorrect authorization | IBM Engineering Lifecycle Management incorrect authorization |
Mon, 25 Aug 2025 12:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Sun, 24 Aug 2025 01:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | IBM Jazz Foundation 7.0.2 to 7.0.2 iFix035, 7.0.3 to 7.0.3 iFix018, and 7.1.0 to 7.1.0 iFix004 could allow an unauthenticated remote attacker to update server property files that would allow them to perform unauthorized actions. | |
Title | IBM Jazz Foundation incorrect authorization | |
First Time appeared |
Ibm
Ibm jazz Foundation |
|
Weaknesses | CWE-863 | |
CPEs | cpe:2.3:a:ibm:jazz_foundation:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix035:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix018:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:jazz_foundation:7.1.0:ifix004:*:*:*:*:*:* |
|
Vendors & Products |
Ibm
Ibm jazz Foundation |
|
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: ibm
Published:
Updated: 2025-08-26T14:46:31.452Z
Reserved: 2025-04-15T21:16:20.813Z
Link: CVE-2025-36157

Updated: 2025-08-25T11:34:51.711Z

Status : Awaiting Analysis
Published: 2025-08-24T02:15:44.100
Modified: 2025-08-25T20:24:45.327
Link: CVE-2025-36157

No data.

No data.