112 matches found
Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerability which can allow remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser
Summary A vulnerability has been identified under which sensitive application information might be leaked to a remote attacker when a detailed technical error message is returned in the browser which is being used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains...
Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by plaintext password fields which can leak sensitive information
Summary A vulnerability has been identified under which some password fields were used as plaintext causing un-intentional info leakage, which is being used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions...
Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilties in Apache Commons Fileupload and Apache Tomcat
Summary Vulnerabilities have been identified in Apache Commons Fileupload and Apache Tomcat which are used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details CVEID:CVE-2016-3092 DESCRIPTIO...
Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilties in Nimbus-JOSE-JWT
Summary A vulnerability has been identified in Nimbus-JOSE-JWT-7.9, which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details CVEID:CVE-2023-52428 DESCRIPTION: Connect2id...
Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilties in crypto-js version 3.1.2
Summary A vulnerability has been identified in Crypto-Js 3.1.2, which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details CVEID:CVE-2023-46233 DESCRIPTION: Brix crypto-js could allo...
Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilties in Apache Commons-Codec version less than 1.13
Summary A vulnerability has been identified in Apache Commons-Codec version less than 1.13, which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details IBM X-Force ID: 177835...
Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilties in Jdom-1.0
Summary A vulnerability has been identified in Jdom version 1.0, which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details CVEID:CVE-2021-33813 DESCRIPTION: JDOM is vulnerable to a...
Security Bulletin: The IBM® Engineering Lifecycle Management is vulnerable to cross-site scripting
Summary A cross-site scripting vulnerability has been identified on the URL "/jts/auth/authrequired". The web-url does not properly sanitise and escape xss payload before out-putting a 'layout' parameter that users supply to the response body leading to a Cross Site Scripting attack. This bulleti...
Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilties in Repodebug
Summary Repodebug shows Oracle password in the plain text. This only occurs with Oracle DB. Customer observed that repodebug shows the database username and password for Oracle jdbc connections which is a vulnerability. This bulletin contains information regarding the remediation actions...
Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilties in User Dashboards
Summary A vulnerability was reported in dashboard during pen testing. User's dashboard could be changed with a PUT request which did not check the user's identity, and this request enabled a user to change any dashboard the user has read access to. This bulletin contains information regarding the...
Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilties in Apache Commons Collections
Summary Multiple vulnerabilities have been identified in Apache Commons Collections, which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details CVEID:CVE-2017-15708 DESCRIPTION: Apac...
Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilties in Dojo version 1.16.2
Summary A vulnerability has been identified in Dojo version 1.16.2 Prototype Pollution, which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details CVEID:CVE-2020-5258 DESCRIPTION: Do...
Security Bulletin: IBM Global Configuration Management - Vulnerable to archiving a global baseline by an authenticated user having improper access controls
Summary IBM Global Configuration Management is vulnerable to archiving a global baseline by an authenticated user having improper access controls/permissions. This bulletin contains information regarding the vulnerability and remediation actions. Vulnerability Details CVEID:CVE-2024-41773...
IBM Global Configuration Management 安全漏洞
IBM Global Configuration Management is a Web-based tool from International Business Machines IBM. It can be used to assemble configurations from other IBM Engineering Lifecycle Management ELM applications into a global configuration. An Access Control Error vulnerability exists in IBM Global...
Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilties in Apache Velocity
Summary A vulnerability has been identified in Apache Velocity, which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details CVEID:CVE-2020-13936 DESCRIPTION: Apache Velocity could all...
Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilties in Apache Commons Beanutils
Summary Multiple vulnerabilities have been identified in Apache Commons Beanutils, which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details CVEID:CVE-2019-10086 DESCRIPTION: Apache...
Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilties in Google Guava
Summary A vulnerability has been identified in Google Guava, which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details CVEID:CVE-2023-2976 DESCRIPTION: Google Guava could allow a...
Security Bulletin: IBM Engineering Lifecycle Management is vulnerable to induce the application to perform server-side HTTP and HTTPS requests to arbitrary domains.(CVE-2021-20544)
Summary External service interaction arises when it is possible to induce an application to interact with an arbitrary external service, such as a web or mail server. The ability to trigger arbitrary external service interactions does not constitute a vulnerability in its own right, and in some...
Security Bulletin: Apache Commons Configuration Vulnerability Affects IBM Jazz Reporting Service (CVE-2020-1953)
Summary There is a vulnerability in Apache Commons used by IBM Jazz Reporting Service. IBM has addressed the relevant CVE. Vulnerability Details CVEID:CVE-2020-1953 DESCRIPTION: Apache Commons Configuration could allow a remote attacker to execute arbitrary code on the system, caused by an issue...
CVE-2022-34355
IBM Jazz Foundation IBM Engineering Lifecycle Management 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose sensitive version information to a user that could be used in further attacks against the system. IBM X-Force ID: 230498...