Lucene search
K

488 matches found

Vulnrichment
Vulnrichment
added 2026/05/26 6:17 p.m.11 views

CVE-2026-3603 IBM Engineering Lifecycle Management - Jazz Foundation is vulnerable to XML external entity injection (XXE) attack

IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 is vulnerable to an XML external entity injection XXE attack when processing XML data. An authenticated attacker could exploit this vulnerability to expose sensitive information or consume memory resources...

7.1CVSS5.8AI score0.00354EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/26 6:17 p.m.9 views

CVE-2026-3603

IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 is vulnerable to an XML external entity injection XXE attack when processing XML data. An authenticated attacker could exploit this vulnerability to expose sensitive information or consume memory resources...

7.1CVSS5.8AI score0.00354EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/26 6:12 p.m.44 views

CVE-2026-4051 IBM Engineering Lifecycle Management - Jazz Foundation is vulnerable to Server Post-Auth Remote Code Execution

IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an attacker with administrative privileges to execute remote code due to exposed method that is not properly restricted...

7.2CVSS0.00369EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/26 6:12 p.m.16 views

EUVD-2026-31951

IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an attacker with administrative privileges to execute remote code due to exposed method that is not properly restricted...

7.2CVSS6.2AI score0.00369EPSS
Exploits0References1
CVE
CVE
added 2026/05/26 6:12 p.m.16 views

CVE-2026-4051

CVE-2026-4051 concerns IBM Engineering Lifecycle Management - Jazz Foundation. Affected products/versions: 7.0.3 (through iFix021), 7.1.0 (through iFix009), 7.2.0 (through iFix001). Root cause: an exposed method that is not properly restricted, enabling a user with administrative privileges to pe...

7.2CVSS6.2AI score0.00369EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/26 6:12 p.m.10 views

CVE-2026-4051

IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an attacker with administrative privileges to execute remote code due to exposed method that is not properly restricted...

7.2CVSS6.2AI score0.00369EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.12 views

IBM Engineering Lifecycle Management 安全漏洞

IBM Engineering Lifecycle Management is an engineering lifecycle management platform provided by the American multinational company International Business Machines IBM. Versions 7.0.3, 7.1.0, and 7.2.0 of IBM Engineering Lifecycle Management contain security vulnerabilities. These vulnerabilities...

9.8CVSS5.8AI score0.0058EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.10 views

IBM Engineering Lifecycle Management 安全漏洞

IBM Engineering Lifecycle Management is an engineering lifecycle management platform provided by the American multinational company International Business Machines IBM. Versions 7.0.3, 7.1.0, and 7.2.0 of IBM Engineering Lifecycle Management contain security vulnerabilities. These vulnerabilities...

7.2CVSS5.9AI score0.00369EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.20 views

PT-2026-43620

Name of the Vulnerable Software and Affected Versions radvd versions prior to 2.21 Description The radvdump utility contains a stack buffer overflow in the Route Information option parser. When processing a crafted ICMPv6 Router Advertisement, the print ff function copies up to 2032 bytes of...

8.8CVSS6.1AI score0.00203EPSS
Exploits0References20
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.14 views

PT-2026-43375

Name of the Vulnerable Software and Affected Versions IBM Engineering Lifecycle Management versions 7.0.3 through Interim Fix 021 IBM Engineering Lifecycle Management versions 7.1.0 through Interim Fix 009 IBM Engineering Lifecycle Management versions 7.2.0 through Interim Fix 001 Description An...

9.8CVSS5.8AI score0.0058EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/20 8:17 a.m.9 views

Security Bulletin: IBM Engineering Lifecycle Management - Engineering Workflow Management is impacted by vulnerabilities in Apache Velocity

Summary A vulnerability has been identified in Apache Velocity library, which is used in IBM Engineering Lifecycle Management - Engineering Workflow Management. Vulnerability Details CVEID:CVE-2020-13936 DESCRIPTION: An attacker that is able to modify Velocity templates may execute arbitrary Java...

9CVSS7AI score0.22709EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/29 9:8 a.m.5 views

Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is impacted by vulnerabilities in Apache Velocity

Summary A vulnerability has been identified in Apache Velocity library, which is used in IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details CVEID:CVE-2020-13936 DESCRIPTION: An attacker that is able to modify Velocity templates may execute arbitrary Java code or run...

9CVSS7.1AI score0.22709EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/29 9:3 a.m.4 views

Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is impacted by vulnerabilities in Apache Commons IO

Summary A vulnerability has been identified in Apache Commons IO, which is used in IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The...

4.3CVSS6.1AI score0.01249EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/29 9:1 a.m.6 views

Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is impacted by vulnerabilities in Apache Commons FileUpload

Summary A vulnerability has been identified in Apache Commons FileUpload, which is used in IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS...

7.5CVSS6.7AI score0.63258EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/20 8:59 p.m.4 views

Security Bulletin: IBM Engineering Lifecycle Management - Engineering Test Management is impacted by vulnerabilities in Eclipse IDE versions

Summary Vulnerabilities have been identified in Eclipse IDE versions before 2023-09 4.29, which is used in IBM Engineering Lifecycle Management - Engineering Test Management Vulnerability Details CVEID:CVE-2023-4218 DESCRIPTION: In Eclipse IDE versions 2023-09 4.29 some files with xml content are...

5CVSS5.8AI score0.00386EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/20 6:41 a.m.9 views

Security Bulletin: The IBM Engineering Lifecycle Management products using WebSphere Application Server Liberty is affected by a remote code execution vulnerability (CVE-2025-14914)

Summary WebSphere Application Server Liberty 17.0.0.3 - 26.0.0.1 with the restConnector-1.0 or restConnector-2.0 feature enabled is affected by a remote code execution vulnerability. Following IBM® Engineering Lifecycle Management products are vulnerable to this attack, it has been addressed in...

7.6CVSS6.3AI score0.0039EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/20 6:39 a.m.4 views

Security Bulletin: The IBM® Engineering Lifecycle Management products using WebSphere Application Server Liberty could provide weaker than expected security (CVE-2025-14923)

Summary IBM WebSphere Application Server Liberty with versions ranging 17.0.0.3 - 26.0.0.2 could provide weaker than expected security when using the Security Utility when administering security settings. Following IBM Engineering Lifecycle Management products are vulnerable to this attack, it ha...

9.8CVSS5.7AI score0.00173EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/20 6:38 a.m.8 views

Security Bulletin: The IBM® Engineering Lifecycle Management products using WebSphere Application Server Liberty may be affected by a denial of service due to jose4j (CVE-2024-29371)

Summary There is a vulnerability in the jose4j library used by IBM WebSphere Application Server traditional and WebSphere Application Server Liberty. Following IBM Engineering Lifecycle Management products are vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Test...

7.5CVSS5.7AI score0.00244EPSS
Exploits1Affected Software1
OSV
OSV
added 2026/02/03 11:16 p.m.4 views

CVE-2025-36033

IBM Engineering Lifecycle Management - Global Configuration Management 7.0.3 through 7.0.3 Interim Fix 017, and 7.1.0 through 7.1.0 Interim Fix 004 IBM Global Configuration Management is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary...

5.4CVSS5.5AI score0.00136EPSS
Exploits0References1
CVE
CVE
added 2026/02/03 10:12 p.m.29 views

CVE-2025-36033

CVE-2025-36033 affects IBM Engineering Lifecycle Management - Global Configuration Management (Jazz Foundation) versions 7.0.3 with iFix017 and 7.1.0 with iFix004. The issue is a cross-site scripting vulnerability that allows an authenticated user to inject JavaScript into the Web UI, potentially...

5.4CVSS5AI score0.00136EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder