488 matches found
Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by plaintext password fields which can leak sensitive information
Summary A vulnerability has been identified under which some password fields were used as plaintext causing un-intentional info leakage, which is being used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions...
Security Bulletin: The IBM® Engineering Lifecycle Engineering products using WebSphere Application Server traditional is vulnerable to denial of service
Summary IBM WebSphere Application Server is vulnerable to a denial of service when a JSF application configured with Sun Reference Implementation 1.2 is deployed. Following IBM® Engineering Lifecycle Engineering products is vulnerable to this attack, it has been addressed in this bulletin: IBM...
Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilties in Apache Commons Fileupload and Apache Tomcat
Summary Vulnerabilities have been identified in Apache Commons Fileupload and Apache Tomcat which are used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details CVEID:CVE-2016-3092 DESCRIPTIO...
Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilties in Nimbus-JOSE-JWT
Summary A vulnerability has been identified in Nimbus-JOSE-JWT-7.9, which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details CVEID:CVE-2023-52428 DESCRIPTION: Connect2id...
The vulnerability of IBM Engineering Lifecycle Optimization - Publishing software relates to incorrect restrictions on the path to the restricted access catalog, allowing attackers to gain unauthorized access to protected information.
The vulnerability of IBM Engineering Lifecycle Optimization - Publishing software relates to incorrect restrictions on the path name to the restricted catalog. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...
CVE-2024-41766
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause a denial of service using a complex regular expression...
Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM WebSphere Application Server traditional is vulnerable to cross-site scripting
Summary IBM WebSphere Application Server is vulnerable to cross-site scripting in the administrative console. Following IBM® Engineering Lifecycle Engineering products is vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Test Management Vulnerability Details Refer...
Security Bulletin: The IBM® Engineering Lifecycle Engineering products using WebSphere Application Server traditional is vulnerable to a XML External Entity (XXE) injection vulnerability in the administrative console
Summary IBM WebSphere Application Server is vulnerable to an XML External Entity Injection XXE vulnerability in the administrative console. Following IBM® Engineering Lifecycle Engineering products is vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Test Manageme...
Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM SDK, Java Technology Edition Quarterly CPU - Oct 2024 - Includes Oracle October 2024 CPU plus CVE-2024-10917 are affected by multiple vulnerabilities
Summary This bulletin for IBM SDK, Java Technology Edition covers all applicable Java SE CVEs published by Oracle as part of their October 2024 Critical Patch Update, plus CVE-2024-10917. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addresse...
Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition.
Summary A race condition happened when a code sequence runs concurrently with other code, and the code sequence needs exclusive access to a shared resource, but a time window exists in which the shared resource can be modified by another code sequence. In security-critical code, a race condition...
IBM Engineering Lifecycle Optimization Publishing Encryption Issue Vulnerability
IBM Engineering Lifecycle Optimization Publishing is an automated document generation solution from International Business Machines IBM. IBM Engineering Lifecycle Optimization Publishing suffers from a cryptographic issue vulnerability that stems from the use of a weaker-than-expected encryption...
Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilties in crypto-js version 3.1.2
Summary A vulnerability has been identified in Crypto-Js 3.1.2, which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details CVEID:CVE-2023-46233 DESCRIPTION: Brix crypto-js could allo...
IBM Engineering Lifecycle Optimization Publishing SQL Injection Vulnerability
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 is IBM's software for engineering lifecycle management optimization. A SQL injection vulnerability exists in IBM Engineering Lifecycle Optimization - Publishing. A remote attacker could exploit this vulnerability by sending...
CVE-2024-41768
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause an unhandled SSL exception which could leave the connection in an unexpected or insecure state...
CVE-2024-41768
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause an unhandled SSL exception which could leave the connection in an unexpected or insecure state...
CVE-2024-41765
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...
CVE-2024-41763
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...
CVE-2024-41765
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...
CVE-2024-41766
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause a denial of service using a complex regular expression...
CVE-2024-41763
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...