CVE-2026-3603EPSS p27.2%

CVE-2026-3603CVE-2026-3603

ibm / engineering_lifecycle_management

Description

IBM Engineering Lifecycle Management 7.0.3 Interim Fix 001 through  Interim Fix 021, 7.1.0  Interim Fix 001 through  Interim Fix 009, and 7.2.0 and 7.2.0 Interim Fix 001 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. An authenticated attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

Scoring

CVSS 7.1 ()
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
EPSS0.35% probability of exploitation · percentile 27.2% · 2026-06-19T12:03:05Z
Last modified2026-06-02

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-3660
CVE
CVE-2025-36049
CVE
CVE-2025-12531
CVE
CVE-2025-36247
CVE
CVE-2026-8045
CVE
CVE-2026-8633
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.