IBM Engineering Lifecycle Optimization - Publishing Denial-of-Service Vulnerability via Complex Regular Expressions

Vulnerability

A denial-of-service vulnerability has been identified in IBM Engineering Lifecycle Optimization - Publishing versions 7.0.2 and 7.0.3. A remote attacker can submit crafted input that an inefficient regular expression evaluates with catastrophic backtracking; in a single-threaded server-side runtime such as Node.js the evaluation blocks the event loop, so the process stops serving other requests for as long as the match runs.

Impact

Successful exploitation causes a denial-of-service condition: the application becomes unresponsive while it spends prolonged CPU time evaluating the complex regular expression against the crafted input, and every other request queues behind it.
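To make the mechanism concrete, the following is an added example and not code from IBM or from the affected product. The vulnerable expression in Publishing is not public, so the patterns, the worst-case input and the MAX_LEN limit below are constructed here for illustration. It shows a nested quantifier that backtracks exponentially on a non-matching input, an unambiguous rewrite that accepts exactly the same strings in linear time, and a length cap applied before the regex runs, which bounds the worst case regardless of the pattern.

```javascript
// Added example, not IBM's code. The affected product's regex is not public;
// the patterns, inputs and the MAX_LEN limit below are constructed for illustration.

// Vulnerable shape: a nested, ambiguous quantifier. When the input cannot match,
// the backtracking engine tries every way of splitting the run of 'a's between
// the inner a+ and the outer (...)+, about 2^n attempts for n characters.
const VULNERABLE = /^(a+)+$/;

// Hardened shape: matches exactly the same strings (one or more 'a'), but there
// is only one way to consume the input, so a failing input is rejected in O(n).
const HARDENED = /^a+$/;

// Constructed worst-case input: n 'a's followed by a character that forces the
// overall match to fail and the engine to backtrack through every split.
function worstCase(n) {
  return 'a'.repeat(n) + '!';
}

// Run one regex test and report whether it matched and how long it took.
function timeTest(re, input) {
  const start = performance.now();
  const matched = re.test(input);
  return { matched, ms: performance.now() - start };
}

// Pattern-independent defence: bound the input before the regex sees it, so the
// worst case is bounded too. MAX_LEN is an assumed limit, not one from the product.
const MAX_LEN = 64;
function safeMatch(re, input) {
  if (typeof input !== 'string' || input.length > MAX_LEN) {
    return false; // reject oversized input without running the regex at all
  }
  return re.test(input);
}

// Measure both patterns over increasing n. Each extra character roughly doubles
// the time for VULNERABLE while HARDENED stays flat.
function compare(ns) {
  return ns.map((n) => {
    const input = worstCase(n);
    return {
      n,
      vulnerableMs: timeTest(VULNERABLE, input).ms,
      hardenedMs: timeTest(HARDENED, input).ms,
    };
  });
}

// Stand-alone demonstration. The loop stops at n = 22 so the example stays
// interactive; going to n = 30 multiplies the VULNERABLE time by roughly
// 2^8 = 256 again, and the event loop is blocked for the whole duration.
for (const row of compare([10, 14, 18, 22])) {
  console.log(
    `n=${row.n}: vulnerable ${row.vulnerableMs.toFixed(1)} ms, hardened ${row.hardenedMs.toFixed(3)} ms`
  );
}
```

The rewrite from `(a+)+` to `a+` is the fix that actually removes the problem; the length cap is the cheap compensating control to put in front of any regex whose structure you cannot change, because it turns an exponential worst case into a bounded one. Running the check in a worker thread or with an engine that guarantees linear time (such as RE2-based bindings) are further options when input size cannot be capped.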

Remediation

Users can upgrade to IBM Engineering Lifecycle Optimization - Publishing version 7.0.3 iFix010 or later, or version 7.0.2 iFix032 or later, to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 1.4
impact: 2.5
exploitability: 7.0
remediation: 7.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.