Lucene search
K

488 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 3:29 a.m.20 views

Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by plaintext password fields which can leak sensitive information

Summary A vulnerability has been identified under which some password fields were used as plaintext causing un-intentional info leakage, which is being used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions...

4.6CVSS4.6AI score0.00185EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/13 9:50 a.m.8 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using WebSphere Application Server traditional is vulnerable to denial of service

Summary IBM WebSphere Application Server is vulnerable to a denial of service when a JSF application configured with Sun Reference Implementation 1.2 is deployed. Following IBM® Engineering Lifecycle Engineering products is vulnerable to this attack, it has been addressed in this bulletin: IBM...

6.8AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/11 6:7 p.m.19 views

Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilties in Apache Commons Fileupload and Apache Tomcat

Summary Vulnerabilities have been identified in Apache Commons Fileupload and Apache Tomcat which are used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details CVEID:CVE-2016-3092 DESCRIPTIO...

9.8CVSS8.5AI score0.35927EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/10 7:3 a.m.15 views

Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilties in Nimbus-JOSE-JWT

Summary A vulnerability has been identified in Nimbus-JOSE-JWT-7.9, which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details CVEID:CVE-2023-52428 DESCRIPTION: Connect2id...

7.5CVSS8AI score0.00814EPSS
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/03/05 12:0 a.m.6 views

The vulnerability of IBM Engineering Lifecycle Optimization - Publishing software relates to incorrect restrictions on the path to the restricted access catalog, allowing attackers to gain unauthorized access to protected information.

The vulnerability of IBM Engineering Lifecycle Optimization - Publishing software relates to incorrect restrictions on the path name to the restricted catalog. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...

6.8CVSS5.5AI score0.00577EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/05 7:41 a.m.10 views

CVE-2024-41766

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause a denial of service using a complex regular expression...

7.5CVSS6.8AI score0.00461EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/05 5:44 a.m.8 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM WebSphere Application Server traditional is vulnerable to cross-site scripting

Summary IBM WebSphere Application Server is vulnerable to cross-site scripting in the administrative console. Following IBM® Engineering Lifecycle Engineering products is vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Test Management Vulnerability Details Refer...

6.3AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/05 5:44 a.m.4 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using WebSphere Application Server traditional is vulnerable to a XML External Entity (XXE) injection vulnerability in the administrative console

Summary IBM WebSphere Application Server is vulnerable to an XML External Entity Injection XXE vulnerability in the administrative console. Following IBM® Engineering Lifecycle Engineering products is vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Test Manageme...

7.2AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/04 7:28 a.m.10 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM SDK, Java Technology Edition Quarterly CPU - Oct 2024 - Includes Oracle October 2024 CPU plus CVE-2024-10917 are affected by multiple vulnerabilities

Summary This bulletin for IBM SDK, Java Technology Edition covers all applicable Java SE CVEs published by Oracle as part of their October 2024 Critical Patch Update, plus CVE-2024-10917. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addresse...

5.3CVSS6.1AI score0.0042EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/23 12:9 p.m.11 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition.

Summary A race condition happened when a code sequence runs concurrently with other code, and the code sequence needs exclusive access to a shared resource, but a time window exists in which the shared resource can be modified by another code sequence. In security-critical code, a race condition...

9.8CVSS9.6AI score0.00838EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2025/01/21 12:0 a.m.9 views

IBM Engineering Lifecycle Optimization Publishing Encryption Issue Vulnerability

IBM Engineering Lifecycle Optimization Publishing is an automated document generation solution from International Business Machines IBM. IBM Engineering Lifecycle Optimization Publishing suffers from a cryptographic issue vulnerability that stems from the use of a weaker-than-expected encryption...

7.5CVSS6.3AI score0.00195EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/10 6:42 a.m.19 views

Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilties in crypto-js version 3.1.2

Summary A vulnerability has been identified in Crypto-Js 3.1.2, which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details CVEID:CVE-2023-46233 DESCRIPTION: Brix crypto-js could allo...

9.1CVSS6.2AI score0.00635EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2025/01/10 12:0 a.m.13 views

IBM Engineering Lifecycle Optimization Publishing SQL Injection Vulnerability

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 is IBM's software for engineering lifecycle management optimization. A SQL injection vulnerability exists in IBM Engineering Lifecycle Optimization - Publishing. A remote attacker could exploit this vulnerability by sending...

7.3CVSS7.3AI score0.00303EPSS
Exploits0References1
NVD
NVD
added 2025/01/04 3:15 p.m.11 views

CVE-2024-41768

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause an unhandled SSL exception which could leave the connection in an unexpected or insecure state...

6.5CVSS0.00394EPSS
Exploits0References1
OSV
OSV
added 2025/01/04 3:15 p.m.3 views

CVE-2024-41768

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause an unhandled SSL exception which could leave the connection in an unexpected or insecure state...

6.5CVSS5.8AI score0.00394EPSS
Exploits0References1
OSV
OSV
added 2025/01/04 3:15 p.m.6 views

CVE-2024-41765

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...

6.5CVSS5.9AI score0.00577EPSS
Exploits0References1
NVD
NVD
added 2025/01/04 3:15 p.m.22 views

CVE-2024-41763

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

7.5CVSS0.00195EPSS
Exploits0References1
NVD
NVD
added 2025/01/04 3:15 p.m.20 views

CVE-2024-41765

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...

6.5CVSS0.00577EPSS
Exploits0References1
NVD
NVD
added 2025/01/04 3:15 p.m.29 views

CVE-2024-41766

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause a denial of service using a complex regular expression...

7.5CVSS0.00461EPSS
Exploits0References1
OSV
OSV
added 2025/01/04 3:15 p.m.4 views

CVE-2024-41763

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

7.5CVSS5.8AI score
Exploits0References1
Rows per page
Query Builder