IBM Engineering Lifecycle Management - Global Configuration Management 7.0.3 through 7.0.3 Interim Fix 017, and 7.1.0 through 7.1.0 Interim Fix 004 IBM Global Configuration Management is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
PUBLISHED5.2ApplicationCWE-79
IBM Engineering Lifecycle Management - Global Configuration Management is vulnerable to cross-site scripting
Problem type
Affected products
IBM
Engineering Lifecycle Management - Global Configuration Management
<= 7.0.3 Interim Fix 017 - AFFECTED
<= 7.1.0 Interim Fix 004 - AFFECTED
References
GitHub Security Advisories
GHSA-mrxh-c37v-gc5w
IBM Engineering Lifecycle Management - Global Configuration Management 7.0.3 through 7.0.3...
https://github.com/advisories/GHSA-mrxh-c37v-gc5wIBM Engineering Lifecycle Management - Global Configuration Management 7.0.3 through 7.0.3 Interim Fix 017, and 7.1.0 through 7.1.0 Interim Fix 004 IBM Global Configuration Management is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
JSON source
https://cveawg.mitre.org/api/cve/CVE-2025-36033Click to expand
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2025-36033",
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"dateUpdated": "2026-02-03T22:12:36.858Z",
"dateReserved": "2025-04-15T21:16:09.684Z",
"datePublished": "2026-02-03T22:12:29.853Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm",
"dateUpdated": "2026-02-03T22:12:36.858Z"
},
"title": "IBM Engineering Lifecycle Management - Global Configuration Management is vulnerable to cross-site scripting",
"descriptions": [
{
"lang": "en",
"value": "IBM Engineering Lifecycle Management - Global Configuration Management 7.0.3 through 7.0.3 Interim Fix 017, and 7.1.0 through 7.1.0 Interim Fix 004 IBM Global Configuration Management is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.",
"supportingMedia": [
{
"type": "text/html",
"base64": false,
"value": "<p>IBM Engineering Lifecycle Management - Global Configuration Management 7.0.3 through 7.0.3 Interim Fix 017, and 7.1.0 through 7.1.0 Interim Fix 004 IBM Global Configuration Management is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.</p>"
}
]
}
],
"affected": [
{
"vendor": "IBM",
"product": "Engineering Lifecycle Management - Global Configuration Management",
"cpes": [
"cpe:2.3:a:ibm:engineering_lifecycle_management___global_configuration_management:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:engineering_lifecycle_management___global_configuration_management:7.0.3:interim_fix_017:*:*:*:*:*:*",
"cpe:2.3:a:ibm:engineering_lifecycle_management___global_configuration_management:7.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:engineering_lifecycle_management___global_configuration_management:7.1.0:interim_fix_004:*:*:*:*:*:*"
],
"versions": [
{
"version": "7.0.3",
"status": "affected",
"versionType": "semver",
"lessThanOrEqual": "7.0.3 Interim Fix 017"
},
{
"version": "7.1.0",
"status": "affected",
"versionType": "semver",
"lessThanOrEqual": "7.1.0 Interim Fix 004"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7258063",
"tags": [
"vendor-advisory",
"patch"
]
}
],
"metrics": [
{
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
],
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
}
}
],
"solutions": [
{
"lang": "en",
"value": "IBM strongly recommends addressing the vulnerability now by upgrading to iFixes detailed below:\n\nIBM recommends customers on ELM 7.0.1, 7.0.2 or any version below 7.0.3 to upgrade your products to Maintenance release 7.0.3 and apply below fix.\n\nOptionally, upgrade to the latest 7.2.0 version.\n\nAffected Product(s)Version(s)Remediation/Fix/InstructionsIBM Engineering Lifecycle Management - Jazz Foundation\n\n7.0.3Download and install iFix018 https://www.ibm.com/support/fixcentral/swg/downloadFixes or laterIBM Engineering Lifecycle Management - Jazz Foundation\n\n7.1.0Download and install iFix005 https://www.ibm.com/support/fixcentral/swg/downloadFixes or later",
"supportingMedia": [
{
"type": "text/html",
"base64": false,
"value": "<p>IBM strongly recommends addressing the vulnerability now by upgrading to iFixes detailed below:</p><p>IBM recommends customers on ELM 7.0.1, 7.0.2 or any version below 7.0.3 to upgrade your products to Maintenance release 7.0.3 and apply below fix.</p><p>Optionally, upgrade to the latest 7.2.0 version.</p><div><table><tbody><tr><td><strong>Affected Product(s)</strong></td><td><strong>Version(s)</strong></td><td><strong>Remediation/Fix/Instructions</strong></td></tr><tr><td><p>IBM Engineering Lifecycle Management - Jazz Foundation</p></td><td>7.0.3</td><td>Download and install <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering&product=ibm/Rational/IBM+Engineering+Lifecycle+Management&release=7.0.3&platform=All&function=fixId&fixids=7.0.3-IBM-ELM-iFix018&includeRequisites=0&includeSupersedes=0&downloadMethod=ddp\">iFix018</a> or later</td></tr><tr><td><p>IBM Engineering Lifecycle Management - Jazz Foundation</p></td><td>7.1.0</td><td>Download and install <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering&product=ibm/Rational/IBM+Engineering+Lifecycle+Management&release=7.1&platform=All&function=fixId&fixids=7.1-IBM-ELM-iFix005&includeRequisites=1&includeSupersedes=0&downloadMethod=ddp\">iFix005</a> or later</td></tr></tbody></table></div><br><br>"
}
]
}
]
}
}
}