Skip to main content

IBM ELM DOORS EUVDEUVD-2026-45300

| CVE-2026-14979 MEDIUM
Improper Restriction of Recursive Entity References in DTDs (CWE-776)
2026-07-17 psirt@us.ibm.com GHSA-w545-wjm2-rf4h
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
vuln.today AI
7.5 HIGH

Network-reachable unauthenticated endpoint per vendor CVSS; XML entity expansion (CWE-776) typically causes full resource exhaustion warranting A:H rather than IBM's A:L.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

1
Analysis Generated
Jul 17, 2026 - 20:36 vuln.today

DescriptionNVD

IBM Engineering Lifecycle Management 7.0.3 ( Interim Fix 001 through ) Interim Fix 021, 7.1.0 ( Interim Fix 001 through ) Interim Fix 009, and 7.2.0 and 7.2.0 Interim Fix 001 DOORS could allow a remote attacker to cause a denial of service due to improper handling of XML entity expansion.

AnalysisAI

Denial of service in IBM Engineering Lifecycle Management DOORS exposes three affected release trains to remote exhaustion of availability resources via malformed XML input. The DOORS component fails to restrict recursive XML entity expansion (the 'Billion Laughs' pattern, CWE-776), allowing a network-adjacent attacker without credentials to trigger excessive memory or CPU consumption in the XML parser. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify network-accessible DOORS endpoint
Delivery
Craft recursive XML entity payload
Exploit
Submit HTTP request with XML bomb
Execution
Parser enters exponential expansion loop
Persist
Service memory or CPU exhausted
Impact
DOORS availability disrupted for all users

Vulnerability AssessmentAI

Exploitation Based on the CVSS vector (AV:N/AC:L/PR:N/UI:N), no authentication is required and no user interaction is needed - the vulnerability is reachable by any network client that can send an HTTP or protocol-level request to the IBM ELM DOORS endpoint. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The NVD CVSS 3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) captures a network-reachable, zero-prerequisite denial-of-service path, though IBM's assignment of A:L (low availability impact) may underrepresent the realistic effect of XML entity expansion, which can fully exhaust process memory. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An unauthenticated attacker with network access to the IBM ELM DOORS service endpoint crafts an HTTP request containing a malicious XML payload embedding deeply nested recursive entity references (a 'Billion Laughs'-style bomb). Upon receipt, the DOORS XML parser begins entity expansion and enters an exponential memory or CPU consumption loop. …
Remediation The primary remediation is to apply the IBM-published interim fixes that address this vulnerability, as detailed in the vendor advisory at https://www.ibm.com/support/pages/node/7279963. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-45300 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy