Security Bulletin: Custom "Execution States" names on IBM Engineering Test Management TCER pages are vulnerable to XSS ( CVE-2021-38934 )
Summary ETM allows customization of "Execution States" names, allowing the injection of XSS payloads and making the pages that display them vulnerable to XSS. Custom values entered as the names of "Execution States" are not encoded when they are displayed on the "Test Cases Execution Records" TCER pages, allowing the execution...
CVE-2024-12656
A vulnerability, which was classified as problematic, was found in FabulaTech USB over Network 6.0.6.1. This affects the function 0x220448 in the library ftusbbus2.sys of the component IOCT Handler. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The...
FabulaTech USB over Network Security Vulnerability
FabulaTech USB over Network is a software solution from FabulaTech that allows you to access remote USB devices over a TCP/IP network or the Internet. A security vulnerability exists in FabulaTech USB over Network version 6.0.6.1 that originates from a null pointer dereference...
PT-2024-17694 · Fabulatech · Fabulatech Usb Over Network
Name of the Vulnerable Software and Affected Versions: FabulaTech USB over Network version 6.0.6.1 Description: A problematic vulnerability was found in the function 0x220408 of the library ftusbbus2.sys of the component IOCT Handler. The manipulation leads to null pointer dereference, requiring ...
Security Bulletin: The IBM® Engineering Lifecycle Engineering displays sensitive Information on ADMIN page (CVE-2022-34355).
Summary Application displays Sensitive Information related to the backend technologies like JVM, DB Version, Application Server on ADMIN page. Vulnerability Details CVEID:CVE-2022-34355 DESCRIPTION: IBM Jazz Foundation could disclose sensitive version information to a user that could be used in...
Security Bulletin: The IBM® Engineering Lifecycle Management products recommendation for Java CPU CVE-2021-35561
Summary Java versions 7.0.11.5 and earlier, 7.1.5.5 and earlier, and 8.0.7.6 and earlier are affected by a flaw in the java.util component that allows an attacker to inflict a denial of service via malicious serialized data which triggers an OutOfMemoryError. Vulnerability Details Refer to the security...
Security Bulletin: A Remote Attack Vulnerability in Apache Log4j affects IBM Engineering Lifecycle Optimization - Publishing
Summary There is a Vulnerability in Apache Log4j CVE-2021-44228 which is used by "IBM Engineering Lifecycle Optimization - Publishing PUB" and "Rational Publishing Engine RPE." Vulnerability Details CVEID:CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary...
Improper access control
IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to upload arbitrary files, caused by improper access controls. IBM X-Force ID: 213725...
Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing is vulnerable to Host Header Injection (CVE-2021-39028)
Summary IBM Engineering Lifecycle Optimization - Publishing is vulnerable to HTTP header injection, caused by improper validation of input in the HOST header. CVE-2021-39028. Vulnerability Details CVEID: CVE-2021-39028 DESCRIPTION: IBM Engineering Lifecycle Optimization - Publishing is vulnerabl...
Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing Document Builder is vulnerable to SQL injection (CVE-2021-39018)
Summary UI validation to Folder Name field is missing in IBM Engineering Lifecycle Optimization - Publishing Document Builder, resulting in display of SQL error to UI. This indicates the presence of SQL injection vulnerability. CVE-2021-39018 Vulnerability Details CVEID: CVE-2021-39018 DESCRIPTIO...
Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing is vulnerable to Malicious File Upload (CVE-2021-39017)
Summary In IBM Engineering Lifecycle Optimization - Publishing, there are no file extension or content-type checks in place, which allows an attacker to upload a malicious file of their choice. CVE-2021-39017 Vulnerability Details CVEID: CVE-2021-39017 DESCRIPTION: IBM Engineering Lifecycle...
Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing is vulnerable to External Service Interaction (CVE-2021-39016)
Summary In IBM Engineering Lifecycle Optimization - Publishing, it is possible to induce the application to perform server-side HTTP and HTTPS requests to arbitrary domains. CVE-2021-39016. Vulnerability Details CVEID: CVE-2021-39016 DESCRIPTION: IBM Engineering Lifecycle Optimization - Publishin...
Security Bulletin: IBM Engineering Test Management could allow execution of arbitrary commands on the system due to XStream ( CVE-2021-29505 ).
Summary IBM Engineering Test Management could allow a remote attacker to execute arbitrary commands on the system, caused by improper input validation. By manipulating the processed input stream, an attacker could exploit this vulnerability to execute arbitrary commands on the system...
CVE-2021-29865
The CVE-2021-29865 issue affects IBM Jazz Team Server versions 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2, where lack of proper HTTP headers (X-Frame-Options / Content-Security-Policy) enables clickjacking, allowing a remote attacker to hijack a user’s click actions by convincing the victim to visit a...
Security Bulletin: Multiple Security Vulnerabilities affect IBM® Rational® Quality Manager
Summary IBM® Rational® Quality Manager is vulnerable to multiple security vulnerabilities. Vulnerability Details CVEID: CVE-2019-10173 DESCRIPTION: xstream API could allow a remote attacker to execute arbitrary commands on the system, caused by insecure XML deserialization. By sending a...
IBM Jazz Reporting Service Cross-Site Scripting Vulnerability
IBM Jazz Reporting Service helps you quickly and easily integrate data from a variety of data sources across your tools and projects, and provides a set of ready-to-use reports for sharing information about your lifecycle management projects. A cross-site scripting vulnerability exists in IBM Jaz...
Security Bulletin: OpenSSL vulnerability affects IBM Engineering Workflow Management
Summary OpenSSL has a security vulnerability that allows a remote attacker to exploit the application. OpenSSL is used by Rational BuildForge Agent shipped with IBM Engineering Workflow Management. Rational BuildForge has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2019-1551...
CVE-2020-4316
IBM Publishing Engine is affected by CVE-2020-4316 due to not setting the secure attribute on authorization tokens and session cookies. Impact: cookies may be exposed when a user visits an http link or a site embedding it, allowing eavesdropping of cookie values. Affected versions: IBM Publishing...
Cross site scripting
IBM DOORS Next Generation DNG/RRC 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
CVE-2020-4297
Summary: CVE-2020-4297 affects IBM Engineering Requirements Management DOORS Next (RDNG) / DOORS Next Generation (DNG) with versions 6.0.2, 6.0.6, 6.0.6.1, and 7.0. The issue is a cross-site scripting vulnerability in the Web UI that could allow a user to embed arbitrary JavaScript, potentially a...