CVE-2026-14979
Received Received - Intake

Denial of Service in IBM Engineering Lifecycle Management

Vulnerability report for CVE-2026-14979, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-17

Last updated on: 2026-07-17

Assigner: IBM Corporation

Description

IBM Engineering Lifecycle Management 7.0.3 ( Interim Fix 001 through ) Interim Fix 021, 7.1.0 ( Interim Fix 001 through ) Interim Fix 009, and 7.2.0 and 7.2.0 Interim Fix 001 DOORS could allow a remote attacker to cause a denial of service due to improper handling of XML entity expansion.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-17
Last Modified
2026-07-17
Generated
2026-07-18
AI Q&A
2026-07-17
EPSS Evaluated
N/A
NVD

Affected Vendors & Products

Showing 6 associated CPEs
Vendor Product Version / Range
ibm engineering_lifecycle_management 7.0.3
ibm engineering_lifecycle_management From 7.1.0 (inc) to 7.1.1 (exc)
ibm engineering_lifecycle_management 7.2.0
ibm engineering_lifecycle_management From iFix001 (exc) to iFix021 (inc)
ibm engineering_lifecycle_management From iFix001 (exc) to iFix009 (inc)
ibm engineering_lifecycle_management to iFix001 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-776 The product uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

IBM Engineering Lifecycle Management versions 7.0.3 (iFix001 to iFix021), 7.1.0 (iFix001 to iFix009), and 7.2.0 (including iFix001) are vulnerable to an XML Entity Expansion attack. This flaw allows a remote attacker to cause a denial of service by exploiting improper handling of XML entity expansion in the Jazz Foundation component.

Impact Analysis

This vulnerability could allow an attacker to disrupt services by causing a denial of service. Affected systems may become unresponsive or crash due to excessive resource consumption from XML entity expansion.

Mitigation Strategies

Upgrade to the recommended iFixes: iFix022 for version 7.0.3, iFix010 for version 7.1.0, and iFix002 for version 7.2.0. IBM does not provide workarounds or mitigations.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-14979. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart