XXE in Ibm Engineering Lifecycle Management

CVE-2026-14979

IBM Engineering Lifecycle Management 7.0.3 ( Interim Fix 001 through ) Interim Fix 021, 7.1.0 ( Interim Fix 001 through ) Interim Fix 009, and 7.2.0 and 7.2.0 Interim Fix 001 DOORS could allow a remote attacker to cause a denial of service…

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2026-14979?
CVE-2026-14979 is a medium-severity vulnerability in Ibm Engineering Lifecycle Management, classified under Improper Restriction of Recursive Entity References in DTDs (XML Entity Expansion). CVSS score: 5.3/10. Published 2026-07-17.
How severe is CVE-2026-14979?
Medium severity. CVSS v3 base score is 5.3 out of 10.