Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Network-reachable unauthenticated endpoint per vendor CVSS; XML entity expansion (CWE-776) typically causes full resource exhaustion warranting A:H rather than IBM's A:L.
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Lifecycle Timeline
1DescriptionNVD
IBM Engineering Lifecycle Management 7.0.3 ( Interim Fix 001 through ) Interim Fix 021, 7.1.0 ( Interim Fix 001 through ) Interim Fix 009, and 7.2.0 and 7.2.0 Interim Fix 001 DOORS could allow a remote attacker to cause a denial of service due to improper handling of XML entity expansion.
AnalysisAI
Denial of service in IBM Engineering Lifecycle Management DOORS exposes three affected release trains to remote exhaustion of availability resources via malformed XML input. The DOORS component fails to restrict recursive XML entity expansion (the 'Billion Laughs' pattern, CWE-776), allowing a network-adjacent attacker without credentials to trigger excessive memory or CPU consumption in the XML parser. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Based on the CVSS vector (AV:N/AC:L/PR:N/UI:N), no authentication is required and no user interaction is needed - the vulnerability is reachable by any network client that can send an HTTP or protocol-level request to the IBM ELM DOORS endpoint. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The NVD CVSS 3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) captures a network-reachable, zero-prerequisite denial-of-service path, though IBM's assignment of A:L (low availability impact) may underrepresent the realistic effect of XML entity expansion, which can fully exhaust process memory. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An unauthenticated attacker with network access to the IBM ELM DOORS service endpoint crafts an HTTP request containing a malicious XML payload embedding deeply nested recursive entity references (a 'Billion Laughs'-style bomb). Upon receipt, the DOORS XML parser begins entity expansion and enters an exponential memory or CPU consumption loop. … |
| Remediation | The primary remediation is to apply the IBM-published interim fixes that address this vulnerability, as detailed in the vendor advisory at https://www.ibm.com/support/pages/node/7279963. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-45300
GHSA-w545-wjm2-rf4h