488 matches found
CVE-2026-3603 IBM Engineering Lifecycle Management - Jazz Foundation is vulnerable to XML external entity injection (XXE) attack
IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 is vulnerable to an XML external entity injection XXE attack when processing XML data. An authenticated attacker could exploit this vulnerability to expose sensitive information or consume memory resources...
CVE-2026-3603
IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 is vulnerable to an XML external entity injection XXE attack when processing XML data. An authenticated attacker could exploit this vulnerability to expose sensitive information or consume memory resources...
CVE-2026-4051 IBM Engineering Lifecycle Management - Jazz Foundation is vulnerable to Server Post-Auth Remote Code Execution
IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an attacker with administrative privileges to execute remote code due to exposed method that is not properly restricted...
EUVD-2026-31951
IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an attacker with administrative privileges to execute remote code due to exposed method that is not properly restricted...
CVE-2026-4051
CVE-2026-4051 concerns IBM Engineering Lifecycle Management - Jazz Foundation. Affected products/versions: 7.0.3 (through iFix021), 7.1.0 (through iFix009), 7.2.0 (through iFix001). Root cause: an exposed method that is not properly restricted, enabling a user with administrative privileges to pe...
CVE-2026-4051
IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an attacker with administrative privileges to execute remote code due to exposed method that is not properly restricted...
IBM Engineering Lifecycle Management 安全漏洞
IBM Engineering Lifecycle Management is an engineering lifecycle management platform provided by the American multinational company International Business Machines IBM. Versions 7.0.3, 7.1.0, and 7.2.0 of IBM Engineering Lifecycle Management contain security vulnerabilities. These vulnerabilities...
IBM Engineering Lifecycle Management 安全漏洞
IBM Engineering Lifecycle Management is an engineering lifecycle management platform provided by the American multinational company International Business Machines IBM. Versions 7.0.3, 7.1.0, and 7.2.0 of IBM Engineering Lifecycle Management contain security vulnerabilities. These vulnerabilities...
PT-2026-43620
Name of the Vulnerable Software and Affected Versions radvd versions prior to 2.21 Description The radvdump utility contains a stack buffer overflow in the Route Information option parser. When processing a crafted ICMPv6 Router Advertisement, the print ff function copies up to 2032 bytes of...
PT-2026-43375
Name of the Vulnerable Software and Affected Versions IBM Engineering Lifecycle Management versions 7.0.3 through Interim Fix 021 IBM Engineering Lifecycle Management versions 7.1.0 through Interim Fix 009 IBM Engineering Lifecycle Management versions 7.2.0 through Interim Fix 001 Description An...
Security Bulletin: IBM Engineering Lifecycle Management - Engineering Workflow Management is impacted by vulnerabilities in Apache Velocity
Summary A vulnerability has been identified in Apache Velocity library, which is used in IBM Engineering Lifecycle Management - Engineering Workflow Management. Vulnerability Details CVEID:CVE-2020-13936 DESCRIPTION: An attacker that is able to modify Velocity templates may execute arbitrary Java...
Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is impacted by vulnerabilities in Apache Velocity
Summary A vulnerability has been identified in Apache Velocity library, which is used in IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details CVEID:CVE-2020-13936 DESCRIPTION: An attacker that is able to modify Velocity templates may execute arbitrary Java code or run...
Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is impacted by vulnerabilities in Apache Commons IO
Summary A vulnerability has been identified in Apache Commons IO, which is used in IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The...
Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is impacted by vulnerabilities in Apache Commons FileUpload
Summary A vulnerability has been identified in Apache Commons FileUpload, which is used in IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS...
Security Bulletin: IBM Engineering Lifecycle Management - Engineering Test Management is impacted by vulnerabilities in Eclipse IDE versions
Summary Vulnerabilities have been identified in Eclipse IDE versions before 2023-09 4.29, which is used in IBM Engineering Lifecycle Management - Engineering Test Management Vulnerability Details CVEID:CVE-2023-4218 DESCRIPTION: In Eclipse IDE versions 2023-09 4.29 some files with xml content are...
Security Bulletin: The IBM Engineering Lifecycle Management products using WebSphere Application Server Liberty is affected by a remote code execution vulnerability (CVE-2025-14914)
Summary WebSphere Application Server Liberty 17.0.0.3 - 26.0.0.1 with the restConnector-1.0 or restConnector-2.0 feature enabled is affected by a remote code execution vulnerability. Following IBM® Engineering Lifecycle Management products are vulnerable to this attack, it has been addressed in...
Security Bulletin: The IBM® Engineering Lifecycle Management products using WebSphere Application Server Liberty could provide weaker than expected security (CVE-2025-14923)
Summary IBM WebSphere Application Server Liberty with versions ranging 17.0.0.3 - 26.0.0.2 could provide weaker than expected security when using the Security Utility when administering security settings. Following IBM Engineering Lifecycle Management products are vulnerable to this attack, it ha...
Security Bulletin: The IBM® Engineering Lifecycle Management products using WebSphere Application Server Liberty may be affected by a denial of service due to jose4j (CVE-2024-29371)
Summary There is a vulnerability in the jose4j library used by IBM WebSphere Application Server traditional and WebSphere Application Server Liberty. Following IBM Engineering Lifecycle Management products are vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Test...
CVE-2025-36033
IBM Engineering Lifecycle Management - Global Configuration Management 7.0.3 through 7.0.3 Interim Fix 017, and 7.1.0 through 7.1.0 Interim Fix 004 IBM Global Configuration Management is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary...
CVE-2025-36033
CVE-2025-36033 affects IBM Engineering Lifecycle Management - Global Configuration Management (Jazz Foundation) versions 7.0.3 with iFix017 and 7.1.0 with iFix004. The issue is a cross-site scripting vulnerability that allows an authenticated user to inject JavaScript into the Web UI, potentially...