IBM Engineering Lifecycle Management versions 7.0.3, 7.1.0, and 7.2.0, including their respective interim fixes up to 021, 009, and 001, contain an authorization flaw (CWE-863) that could allow an unauthenticated remote attacker to modify server property files. This unauthorized modification could lead to unauthorized access to the application. The vulnerability is remote and requires no privileges or user interaction, resulting in high impact on confidentiality, integrity, and availability. No official remediation or patch information is currently available from IBM, and the product is not a cloud service, so remediation depends on vendor patch releases.

An unauthenticated remote attacker can update server property files, which may allow them to gain unauthorized access to the IBM Engineering Lifecycle Management application. This could compromise the confidentiality, integrity, and availability of the affected system. The CVSS score of 9.8 reflects the critical nature of this vulnerability. There are no known exploits in the wild currently.

Patch status is not yet confirmed — check the IBM vendor advisory for current remediation guidance. Since no official fix or temporary workaround is provided, users should monitor IBM's security advisories closely and restrict network access to affected versions where possible until a patch is available.