XXE in Ibm Engineering Lifecycle Management
CVE-2026-14979
IBM Engineering Lifecycle Management 7.0.3 ( Interim Fix 001 through ) Interim Fix 021, 7.1.0 ( Interim Fix 001 through ) Interim Fix 009, and 7.2.0 and 7.2.0 Interim Fix 001 DOORS could allow a remote attacker to cause a denial of service…
CVSS v3 metric
CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L.
Affected products
- Ibm Engineering Lifecycle Management — versions 7.0.3 ( Interim Fix 001, 7.1.0 ( Interim Fix 001, 7.2.0 and 7.2.0 Interim Fix 001
Weakness classification (CWE)
References
- psirt@us.ibm.com (vendor-advisory, patch)
Frequently asked questions
- What is CVE-2026-14979?
- CVE-2026-14979 is a medium-severity vulnerability in Ibm Engineering Lifecycle Management, classified under Improper Restriction of Recursive Entity References in DTDs (XML Entity Expansion). CVSS score: 5.3/10. Published 2026-07-17.
- How severe is CVE-2026-14979?
- Medium severity. CVSS v3 base score is 5.3 out of 10.