488 matches found
Security Bulletin: The IBM® Engineering Lifecycle Management products using WebSphere Application Server Liberty is affected by a denial of service (CVE-2025-36000)
Summary IBM WebSphere Application Server Liberty is affected by a stored cross-site scripting vulnerability with the adminCenter-1.0 feature enabled. Following IBM® Engineering Lifecycle Management products are vulnerable to this attack, it has been addressed in this bulletin: Jazz Foundation,...
Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is impacted by vulnerabilities in CKEditor 4.19
Summary Vulnerabiltiies have been identified in CKEditor 4.19, which is used in IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details CVEID:CVE-2024-24816 DESCRIPTION: CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerabilit...
IBM Engineering Lifecycle Optimization Publishing Cross-Site Scripting Vulnerability
IBM Engineering Lifecycle Optimization Publishing is an automated document generation solution from International Business Machines IBM. A cross-site scripting vulnerability exists in IBM Engineering Lifecycle Optimization Publishing versions 7.0.2 and 7.03 that originates from an unvalidated URI...
The vulnerability of the IBM Engineering Lifecycle Optimization - Publishing software for creating reports is related to improper neutralization of encoded URI schemes on web pages, allowing attackers to perform cross-site scripting attacks.
The vulnerability of the IBM Engineering Lifecycle Optimization - Publishing software for creating reports is related to improper neutralization of encoded URI schemes on the web page. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
CVE-2024-52890
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.03 could be susceptible to cross-site scripting due to no validation of URIs...
Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing - could be susceptible to cross-site scripting due to no validation of URIs.
Summary IBM Engineering Lifecycle Optimization - Publishing could be susceptible to cross-site scripting due to no validation of URIs. Following IBM® Engineering Lifecycle Management product is vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Lifecycle Optimizati...
CVE-2024-52890
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.03 could be susceptible to cross-site scripting due to no validation of URIs...
CVE-2024-52890
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.03 could be susceptible to cross-site scripting due to no validation of URIs...
CVE-2024-52890 IBM Engineering Lifecycle Optimization - Publishing cross-site scripting
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.03 could be susceptible to cross-site scripting due to no validation of URIs...
CVE-2024-52890 IBM Engineering Lifecycle Optimization - Publishing cross-site scripting
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.03 could be susceptible to cross-site scripting due to no validation of URIs...
CVE-2024-52890
CVE-2024-52890 affects IBM Engineering Lifecycle Optimization - Publishing versions 7.0.2 and 7.0.3. The root cause is unvalidated URIs in the application, leading to cross-site scripting (CWE-84). The vulnerability is rated CVSS v3.1 base score 6.1 (Medium) with attack vector Network, no privile...
IBM Engineering Lifecycle Optimization Publishing 安全漏洞
IBM Engineering Lifecycle Optimization Publishing is an automated document generation solution from International Business Machines IBM. A cross-site scripting vulnerability exists in IBM Engineering Lifecycle Optimization Publishing versions 7.0.2 and 7.03 that originates from an unvalidated URI...
Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing - The jackson-core package is vulnerable to a Denial of Service (DoS) attack
Summary There is a Jackson-Core vulnerability shipped with IBM Engineering Lifecycle Optimization - Publishing. Following IBM® Engineering Lifecycle Management product is vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Lifecycle Optimization - Publishing...
Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing - In Connect2id Nimbus JOSE+JWT, an attacker can cause a denial of service
Summary Connect2id Nimbus-JOSE-JWT is vulnerable to a denial of service, caused by improper validation of user requests by the PasswordBasedDecrypter PBKDF2 component. By sending a specially crafted request using a large JWE p2c header, a remote attacker could exploit this vulnerability to cause ...
PT-2025-31927 · Ibm · Ibm Engineering Lifecycle Optimization - Publishing
Name of the Vulnerable Software and Affected Versions: IBM Engineering Lifecycle Optimization - Publishing versions 7.0.2 and 7.0.3 Description: IBM Engineering Lifecycle Optimization - Publishing is susceptible to cross-site scripting due to a lack of validation of URIs. Recommendations: Ensure...
CVE-2024-41765
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...
CVE-2023-45191
IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 268755...
Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to Apache CXF (CVE-2025-23184)
Summary There is a vulnerability in the Apache CXF library used by IBM WebSphere Application Server Liberty with the jaxws-2.2, xmlWS-3.0 or xmlWS-4.0 feature enabled. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin:...
Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted
Summary Software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a...
Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerability which can allow remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser
Summary A vulnerability has been identified under which sensitive application information might be leaked to a remote attacker when a detailed technical error message is returned in the browser which is being used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains...