CVE-2025-15395 - Vulnerability Details - OpenCVE

IBM Jazz Foundation 7.0.3 through 7.0.3 iFix019 and 7.1.0 through 7.1.0 iFix005 is vulnerable to access control violations that allows the users to view or access/perform actions beyond their expected capability.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Jazz Foundation

No data.

No data.

No data.

References

Link	Providers
https://www.ibm.com/support/pages/node/7258304

History

Mon, 02 Feb 2026 15:30:00 +0000

Type	Values Removed	Values Added
Description		IBM Jazz Foundation 7.0.3 through 7.0.3 iFix019 and 7.1.0 through 7.1.0 iFix005 is vulnerable to access control violations that allows the users to view or access/perform actions beyond their expected capability.
Title		IBM Jazz Foundation access control violation
First Time appeared		Ibm Ibm jazz Foundation
Weaknesses		CWE-863
CPEs		cpe:2.3:a:ibm:jazz_foundation:7.0.3:::::::* cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix019:::::: cpe:2.3:a:ibm:jazz_foundation:7.1.0:::::::* cpe:2.3:a:ibm:jazz_foundation:7.1.0:ifix005::::::
Vendors & Products		Ibm Ibm jazz Foundation
References		https://www.ibm.com/support/pages/node/7258304
Metrics		cvssV3_1 `{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}`

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2026-02-02T15:10:56.983Z

Updated: 2026-02-02T16:45:31.338Z

Reserved: 2025-12-31T14:28:58.770Z

Link: CVE-2025-15395

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-02-02T16:16:18.187

Modified: 2026-02-02T16:16:18.187

Link: CVE-2025-15395

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-15395", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2025-12-31T14:28:58.770Z", "datePublished": "2026-02-02T15:10:56.983Z", "dateUpdated": "2026-02-02T16:45:31.338Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:ibm:jazz_foundation:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix019:*:*:*:*:*:*", "cpe:2.3:a:ibm:jazz_foundation:7.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:jazz_foundation:7.1.0:ifix005:*:*:*:*:*:*"], "defaultStatus": "unaffected", "product": "Jazz Foundation", "vendor": "IBM", "versions": [{"lessThanOrEqual": "7.0.3 iFix019", "status": "affected", "version": "7.0.3", "versionType": "semver"}, {"lessThanOrEqual": "7.1.0 iFix005", "status": "affected", "version": "7.1.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "IBM Jazz Foundation <span style=\"background-color: rgb(255, 255, 255);\"><span style=\"background-color: rgb(255, 255, 255);\">7.0.3 through <span style=\"background-color: rgb(255, 255, 255);\">7.0.3 iFix019 and </span></span><span style=\"background-color: rgb(255, 255, 255);\">7.1.0 through <span style=\"background-color: rgb(255, 255, 255);\">7.1.0 iFix005</span></span><span style=\"background-color: rgb(255, 255, 255);\"> <span style=\"background-color: rgb(255, 255, 255);\">is vulnerable to access control violations that allows the users to view or access/perform actions beyond their expected capability.</span><br></span></span><br>"}], "value": "IBM Jazz Foundation\u00a07.0.3 through\u00a07.0.3 iFix019 and\u00a07.1.0 through\u00a07.1.0 iFix005\u00a0is vulnerable to access control violations that allows the users to view or access/perform actions beyond their expected capability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2026-02-02T15:10:56.983Z"}, "references": [{"tags": ["vendor-advisory", "patch"], "url": "https://www.ibm.com/support/pages/node/7258304"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>IBM recommends customers on ELM 7.0.1, 7.0.2 or any version below 7.0.3 to upgrade your products to Maintenance release 7.0.3 and apply below fix.</p><p>Optionally, upgrade to the latest 7.2.0 version.</p><div><table><tbody><tr><td><strong>Affected Product(s)</strong></td><td><strong>Version(s)</strong></td><td><strong>Remediation/Fix/Instructions</strong></td></tr><tr><td><p>IBM Engineering Lifecycle Management - Jazz Foundation</p></td><td>7.0.3</td><td>Download and install <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering&product=ibm/Rational/IBM+Engineering+Lifecycle+Management&release=7.0.3&platform=All&function=fixId&fixids=7.0.3-IBM-ELM-iFix020&includeRequisites=0&includeSupersedes=0&downloadMethod=http\">iFix020</a> or later</td></tr><tr><td><p>IBM Engineering Lifecycle Management - Jazz Foundation</p></td><td>7.1.0</td><td>Download and install <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering&product=ibm/Rational/IBM+Engineering+Lifecycle+Management&release=7.1&platform=All&function=fixId&fixids=7.1-IBM-ELM-iFix006&includeRequisites=0&includeSupersedes=0&downloadMethod=http\">iFix006</a> or later</td></tr></tbody></table></div><br><br>"}], "value": "IBM recommends customers on ELM 7.0.1, 7.0.2 or any version below 7.0.3 to upgrade your products to Maintenance release 7.0.3 and apply below fix.\n\nOptionally, upgrade to the latest 7.2.0 version.\n\nAffected Product(s)Version(s)Remediation/Fix/InstructionsIBM Engineering Lifecycle Management - Jazz Foundation\n\n7.0.3Download and install iFix020 https://www.ibm.com/support/fixcentral/swg/downloadFixes \u00a0or laterIBM Engineering Lifecycle Management - Jazz Foundation\n\n7.1.0Download and install iFix006 https://www.ibm.com/support/fixcentral/swg/downloadFixes \u00a0or later"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM Jazz Foundation access control violation", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-02T16:44:58.231516Z", "id": "CVE-2025-15395", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-02T16:45:31.338Z"}}]}}