CVE-2025-15395 — Incorrect Authorization in IBM Jazz Foundation

CWE-863 — Incorrect Authorization3 documents3 sources

Severity

5.4MEDIUMNVD

CNA4.3

EPSS

0.0%

top 98.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Jazz Foundation

Timeline

PublishedFeb 2

Description

IBM Jazz Foundation 7.0.3 through 7.0.3 iFix019 and 7.1.0 through 7.1.0 iFix005 is vulnerable to access control violations that allows the users to view or access/perform actions beyond their expected capability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages2 packages

▶CVEListV5ibm/jazz_foundation7.0.3 — 7.0.3 iFix019+1

▶NVDibm/jazz_foundation7.0.3, 7.1.0+1

🔴Vulnerability Details

CVEList

IBM Jazz Foundation access control violation↗2026-02-02

▶

GHSA

GHSA-x983-7w29-6j6h: IBM Jazz Foundation 7↗2026-02-02

▶