77 matches found

CVE
added 2021/06/08 12:42 p.m. · 36 views

CVE-2020-26517

CVE-2020-26517 affects Intland codeBeamer ALM, versions 10.x through 10.1.SP4. The issue is a cross-site scripting (XSS) vulnerability that can be exploited via: (1) WebDAV file uploads to a project by authenticated users, (2) the users import functionality by admin users, and (3) modifying the l...

4.8 CVSS · 4.8 AI score · 0.0031 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

Cvelist
added 2021/06/08 12:42 p.m. · 5 views

CVE-2020-26517

A cross-site scripting (XSS) issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. It is possible to perform XSS attacks through using the WebDAV functionality to upload files to a project (Authn users), using the users import functionality (Admin only), and changing the login text in t...

4.9 AI score · 0.0031 EPSS
Exploits: 1 · References: 2

CVE
added 2021/06/08 12:28 p.m. · 29 views

CVE-2020-26516

The CVE-2020-26516 issue affects Intland codeBeamer ALM (versions 10.x through 10.1.SP4). The root cause is missing CSRF tokens in requests that trigger server actions, allowing crafted requests to cause a victim’s browser to perform undesired actions within the web application. The NVD entry lis...

8.8 CVSS · 8.6 AI score · 0.00221 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

Cvelist
added 2021/06/08 12:28 p.m. · 12 views

CVE-2020-26516

A CSRF issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. Requests sent to the server that trigger actions do not contain a CSRF token and can therefore be entirely predicted, allowing attackers to cause the victim's browser to execute undesired actions in the web application...

8.7 AI score · 0.00221 EPSS
Exploits: 1 · References: 2

Positive Technologies
added 2021/06/08 12:00 a.m. · 1 views

PT-2021-11242 · Intland · Intland Codebeamer Alm

Name of the Vulnerable Software and Affected Versions: Intland codeBeamer ALM versions 10.x through 10.1.SP4
Description: A CSRF issue allows attackers to cause a victim's browser to execute undesired actions in the web application through crafted requests. This is possible because requests sent ...

8.8 CVSS · 8.6 AI score · 0.00221 EPSS
Exploits: 1 · References: 5

CNNVD
added 2021/06/08 12:00 a.m. · 1 views

Intland codeBeamer ALM Cross-Site Request Forgery Vulnerability

Intland Software codeBeamer ALM is an application lifecycle management platform from Intland Software, Germany. The platform supports application lifecycle management, requirements management, risk management and software development. A security vulnerability exists in Intland codeBeamer ALM 10,...

8.8 CVSS · 7.8 AI score · 0.00221 EPSS
Exploits: 1 · References: 2

Positive Technologies
added 2021/06/08 12:00 a.m. · 3 views

PT-2021-11243 · Intland · Codebeamer Alm

Name of the Vulnerable Software and Affected Versions: Intland codeBeamer ALM versions 10.x through 10.1.SP4
Description: A cross-site scripting (XSS) issue was discovered. It is possible to perform XSS attacks through using the WebDAV functionality to upload files to a project, using the users...

4.8 CVSS · 4.9 AI score · 0.0031 EPSS
Exploits: 1 · References: 5

CNNVD
added 2021/06/08 12:00 a.m. · 0 views

Intland Software codeBeamer ALM Cross-Site Scripting Vulnerability

Intland Software codeBeamer ALM is an application lifecycle management platform from Intland Software, Germany. The platform supports application lifecycle management, requirements management, risk management and software development. A security vulnerability exists in Intland that can be exploit...

4.8 CVSS · 5.2 AI score · 0.0031 EPSS
Exploits: 1 · References: 2

CNNVD
added 2021/06/08 12:00 a.m. · 2 views

Intland codeBeamer ALM Security Vulnerability

Intland Software codeBeamer ALM is an application lifecycle management platform from Intland Software, Germany. The platform supports application lifecycle management, requirements management, risk management and software development. A security vulnerability exists in Intland codeBeamer ALM 10,...

7.5 CVSS · 7.3 AI score · 0.00089 EPSS
Exploits: 1 · References: 2

Positive Technologies
added 2021/06/08 12:00 a.m. · 3 views

PT-2021-11241 · Intland · Codebeamer Alm

Name of the Vulnerable Software and Affected Versions: Intland codeBeamer ALM versions 10.x through 10.1.SP4
Description: An issue with insufficiently protected credentials was found. The CB LOGIN remember-me cookie contains encrypted user credentials, but due to a bug, these credentials are...

7.5 CVSS · 7.5 AI score · 0.00089 EPSS
Exploits: 1 · References: 4

OSV
added 2020/12/07 4:15 p.m. · 1 views

CVE-2020-26513

An issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. The ReqIF XML data, used by the codebeamer ALM application to import projects, is parsed by insecurely configured software components, which can be abused for XML External Entity Attacks...

5.5 CVSS · 6.1 AI score
Exploits: 0 · References: 2

NVD
added 2020/12/07 4:15 p.m. · 6 views

CVE-2020-26513

An issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. The ReqIF XML data, used by the codebeamer ALM application to import projects, is parsed by insecurely configured software components, which can be abused for XML External Entity Attacks...

5.5 CVSS · 5.5 AI score · 0.00239 EPSS
Exploits: 1 · References: 2

Prion
added 2020/12/07 4:15 p.m. · 9 views

XXE

An issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. The ReqIF XML data, used by the codebeamer ALM application to import projects, is parsed by insecurely configured software components, which can be abused for XML External Entity Attacks...

4.3 CVSS · 5.5 AI score · 0.00239 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

Cvelist
added 2020/12/07 3:26 p.m. · 13 views

CVE-2020-26513

An issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. The ReqIF XML data, used by the codebeamer ALM application to import projects, is parsed by insecurely configured software components, which can be abused for XML External Entity Attacks...

5.5 AI score · 0.00239 EPSS
Exploits: 1 · References: 2

CVE
added 2020/12/07 3:26 p.m. · 42 views

CVE-2020-26513

Intland codeBeamer ALM 10.x–10.1.SP4 is affected by an XML External Entity (XXE) vulnerability in the ReqIF XML data import path. The issue arises because ReqIF data is parsed by insecurely configured components, enabling XXE attacks (as described in PT-2020-16433 and corroborated by CVE-2020-265...

5.5 CVSS · 5.5 AI score · 0.00239 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

Positive Technologies
added 2020/12/07 12:00 a.m. · 2 views

PT-2020-16433 · Intland · Codebeamer Alm

Name of the Vulnerable Software and Affected Versions: Intland codeBeamer ALM versions 10.x through 10.1.SP4
Description: An issue was discovered in the way Intland codeBeamer ALM parses ReqIF XML data used for importing projects. The software components are insecurely configured, allowing for XM...

5.5 CVSS · 5.4 AI score · 0.00239 EPSS
Exploits: 1 · References: 6

CNNVD
added 2020/12/07 12:00 a.m. · 3 views

Intland Software codeBeamer ALM Code Issue Vulnerability

Intland Software codeBeamer ALM is an application lifecycle management platform from Intland Software, Germany. The platform supports application lifecycle management, requirements management, risk management and software development. A security vulnerability exists in Intland codeBeamer ALM...

5.5 CVSS · 6 AI score · 0.00239 EPSS
Exploits: 1 · References: 3

CNVD
added 2020/04/03 12:00 a.m. · 1 views

Unspecified Vulnerability in codeBeamer

Intland Software codeBeamer ALM is an application lifecycle management platform from Intland Software, Germany. The platform supports application lifecycle management, requirements management, risk management and software development. A security vulnerability exists in codeBeamer versions prior t...

6.1 CVSS · 7.3 AI score · 0.00386 EPSS
Exploits: 0 · References: 1

NVD
added 2020/04/02 4:15 p.m. · 11 views

CVE-2019-20635

codeBeamer before 9.5.0-RC3 does not properly restrict the ability to execute custom Java code and access the Java class loader via computed fields...

6.1 CVSS · 6.5 AI score · 0.00386 EPSS
Exploits: 0 · References: 1

OSV
added 2020/04/02 4:15 p.m. · 1 views

CVE-2019-20635

codeBeamer before 9.5.0-RC3 does not properly restrict the ability to execute custom Java code and access the Java class loader via computed fields...

6.1 CVSS · 6.5 AI score
Exploits: 0 · References: 1