IBM has released a security bulletin addressing a severe vulnerability in its Jazz Team Server, a Java-based web application that underpins multiple products in the IBM Engineering Lifecycle Management (ELM) suite. The flaw, tracked as CVE-2025-36157, carries a CVSS score of 9.8, making it a critical risk for enterprises relying on these tools.
According to IBM, "Jazz Team Server could allow an unauthenticated remote attacker to update server configuration files which would allow them to perform unauthorized actions, subsequently leading to a Denial of Service condition."
The vulnerability impacts several IBM ELM products and components, including:
- IBM Engineering Lifecycle Management – Jazz Foundation
- IBM Engineering Workflow Management
- IBM Engineering Test Management
- IBM Engineering Requirements Management DOORS Next
- IBM Engineering Lifecycle Optimization – Engineering Insights
- IBM Engineering Systems Design Rhapsody – Model Manager
- IBM Jazz Reporting Service
- Global Configuration Management
Affected versions span 7.0.2 to 7.0.2 iFix035, 7.0.3 to 7.0.3 iFix018, and 7.1.0 to 7.1.0 iFix004.
IBM strongly urges customers to act immediately. The bulletin states: "IBM strongly recommends addressing the vulnerability now by upgrading to iFixes detailed below."
The required fixes are:
- 7.0.2 – Apply 7.0.2 iFix035-sec or later
- 7.0.3 – Apply 7.0.3 iFix018-sec or later
- 7.1.0 – Apply 7.1.0 iFix004-sec or later
Additionally, IBM recommends that customers running ELM 7.0, 7.0.1, or earlier versions upgrade to 7.0.2 or later before applying the fixes.
Beyond installing the iFixes, administrators are advised to change an advanced property setting:
"Set the Advanced property named setup.isRegistrationHandlerServiceOpen to False under Jazz Team Server (JTS) > Server Administration > Advanced property page and save your changes."
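A point that is easy to get wrong when triaging an estate against this bulletin: the plain 7.0.2 iFix035, 7.0.3 iFix018 and 7.1.0 iFix004 builds are inside the affected ranges, and only the "-sec" build of the same number (or any later iFix) closes the hole. The script below encodes exactly the ranges and fixes quoted above and runs them over an inventory of version strings. It is an added example, not IBM's code or tooling; the "7.0.3 iFix018-sec" string format and the sample inventory are assumptions constructed for the example, and it does not check the setup.isRegistrationHandlerServiceOpen property, which has to be verified in the JTS administration page.

```python
import re
from typing import Dict, Optional, Tuple

# Affected ranges and first fixed builds, transcribed from the bulletin text:
# for each base release, "<release> iFixN" is still affected and
# "<release> iFixN-sec" (or any later iFix) is the fix.
FIRST_FIXED_IFIX = {
    (7, 0, 2): 35,
    (7, 0, 3): 18,
    (7, 1, 0): 4,
}

# Matches "7.0.3", "7.0.3 iFix017" or "7.0.3 iFix018-sec".
# This string layout is an assumption made for the example.
VERSION_RE = re.compile(
    r"^\s*(\d+)\.(\d+)\.(\d+)(?:\s+iFix(\d+)(-sec)?)?\s*$", re.IGNORECASE
)


def parse_version(text: str) -> Tuple[Tuple[int, int, int], int, bool]:
    """Split a version string into (release, ifix_number, has_sec_suffix).

    ifix_number is 0 when no iFix is installed on the base release.
    """
    m = VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised Jazz Team Server version: {text!r}")
    major, minor, patch, ifix, sec = m.groups()
    return (int(major), int(minor), int(patch)), int(ifix or 0), sec is not None


def assess(text: str) -> Tuple[Optional[bool], str]:
    """Return (is_vulnerable, recommendation) for CVE-2025-36157.

    is_vulnerable is None when the release is newer than anything the
    bulletin lists, so the caller is told to check rather than guess.
    """
    release, ifix, sec = parse_version(text)
    rel_str = ".".join(map(str, release))

    if release in FIRST_FIXED_IFIX:
        n = FIRST_FIXED_IFIX[release]
        fix = f"{rel_str} iFix{n:03d}-sec"
        # The plain iFixN build is inside the affected range; only the
        # "-sec" build of that number, or any later iFix, counts as patched.
        if ifix > n or (ifix == n and sec):
            return False, f"patched ({fix} or later is installed)"
        return True, f"apply {fix} or later"

    if release < (7, 0, 2):
        # No fix is published for 7.0, 7.0.1 or earlier; the bulletin says to
        # upgrade to 7.0.2 or later first, so these are treated as unpatched
        # here (an assumption drawn from that guidance).
        return True, "upgrade to 7.0.2 or later, then apply that release's -sec iFix"

    return None, f"{rel_str} is not listed in this bulletin; check IBM's current advisory"


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Return {host: recommendation} for every host that still needs action."""
    return {
        host: recommendation
        for host, (vulnerable, recommendation) in
        ((h, assess(v)) for h, v in inventory.items())
        if vulnerable
    }


# Constructed sample inventory; hostnames and versions are invented.
SAMPLE_INVENTORY = {
    "jts-prod-01": "7.0.3 iFix017",      # one iFix short of the fix
    "jts-prod-02": "7.0.3 iFix018-sec",  # fixed build
    "jts-dev-01": "7.0.2 iFix035",       # same number as the fix, but no -sec
    "jts-legacy": "7.0.1",               # no fix exists; must upgrade first
    "jts-new": "7.1.0 iFix005",          # later than iFix004-sec
}

if __name__ == "__main__":
    for host, action in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {action}")
```

The check deliberately keys on the "-sec" suffix rather than on the iFix number alone, because an asset inventory that records only "iFix035" will report the 7.0.2 fix as present when it is not.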
Jazz Team Server is central to IBM's ELM ecosystem, providing foundational services that integrate applications like workflow management, test management, and requirements management into a unified platform. Because this vulnerability can be exploited without authentication, attackers could directly manipulate server property files, potentially leading to service disruption or broader compromise of dependent systems.
Given the widespread use of IBM ELM in enterprise and government environments, unpatched systems represent a significant target for cyber adversaries.