488 matches found

IBM Security Bulletins
added 2025/09/04 9:1 a.m. · 8 views

Security Bulletin: The IBM® Engineering Lifecycle Management products using WebSphere Application Server Liberty is affected by a denial of service (CVE-2025-36000)

Summary IBM WebSphere Application Server Liberty is affected by a stored cross-site scripting vulnerability with the adminCenter-1.0 feature enabled. Following IBM® Engineering Lifecycle Management products are vulnerable to this attack, it has been addressed in this bulletin: Jazz Foundation,...

CVSS 4.8 · AI score 5.7 · EPSS 0.00165
Exploits: 0 · Affected Software: 1

IBM Security Bulletins
added 2025/08/29 7:15 p.m. · 8 views

Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is impacted by vulnerabilities in CKEditor 4.19

Summary Vulnerabilities have been identified in CKEditor 4.19, which is used in IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details CVEID: CVE-2024-24816 DESCRIPTION: CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerabilit...

CVSS 7.3 · AI score 6.2 · EPSS 0.01652
Exploits: 0 · Affected Software: 4

CNVD
added 2025/08/11 12:0 a.m. · 3 views

IBM Engineering Lifecycle Optimization Publishing Cross-Site Scripting Vulnerability

IBM Engineering Lifecycle Optimization Publishing is an automated document generation solution from International Business Machines IBM. A cross-site scripting vulnerability exists in IBM Engineering Lifecycle Optimization Publishing versions 7.0.2 and 7.03 that originates from an unvalidated URI...

CVSS 6.1 · AI score 6.1 · EPSS 0.00175
Exploits: 0 · References: 1

BDU FSTEC
added 2025/08/11 12:0 a.m. · 10 views

The vulnerability of the IBM Engineering Lifecycle Optimization - Publishing software for creating reports is related to improper neutralization of encoded URI schemes on web pages, allowing attackers to perform cross-site scripting attacks.

The vulnerability of the IBM Engineering Lifecycle Optimization - Publishing software for creating reports is related to improper neutralization of encoded URI schemes on the web page. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

CVSS 6.4 · AI score 5.2 · EPSS 0.00175
Exploits: 0 · References: 2 · Affected Software: 1

RedhatCVE
added 2025/08/07 2:24 p.m. · 22 views

CVE-2024-52890

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.03 could be susceptible to cross-site scripting due to no validation of URIs...

CVSS 6.1 · AI score 5.7 · EPSS 0.00175
Exploits: 0 · References: 1

IBM Security Bulletins
added 2025/08/05 3:14 p.m. · 10 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing - could be susceptible to cross-site scripting due to no validation of URIs.

Summary IBM Engineering Lifecycle Optimization - Publishing could be susceptible to cross-site scripting due to no validation of URIs. Following IBM® Engineering Lifecycle Management product is vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Lifecycle Optimizati...

CVSS 6.1 · AI score 5.7 · EPSS 0.00175
Exploits: 0 · Affected Software: 1

OSV
added 2025/08/05 2:15 p.m. · 3 views

CVE-2024-52890

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.03 could be susceptible to cross-site scripting due to no validation of URIs...

CVSS 6.1 · AI score 5.6 · EPSS 0.00175
Exploits: 0 · References: 1

NVD
added 2025/08/05 2:15 p.m. · 9 views

CVE-2024-52890

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.03 could be susceptible to cross-site scripting due to no validation of URIs...

CVSS 6.1 · EPSS 0.00175
Exploits: 0 · References: 1

Vulnrichment
added 2025/08/05 1:45 p.m. · 8 views

CVE-2024-52890 IBM Engineering Lifecycle Optimization - Publishing cross-site scripting

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.03 could be susceptible to cross-site scripting due to no validation of URIs...

CVSS 6.1 · AI score 6.3 · EPSS 0.00175
Exploits: 0 · References: 1

Cvelist
added 2025/08/05 1:45 p.m. · 10 views

CVE-2024-52890 IBM Engineering Lifecycle Optimization - Publishing cross-site scripting

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.03 could be susceptible to cross-site scripting due to no validation of URIs...

CVSS 6.1 · EPSS 0.00175
Exploits: 0 · References: 1

CVE
added 2025/08/05 1:45 p.m. · 26 views

CVE-2024-52890

CVE-2024-52890 affects IBM Engineering Lifecycle Optimization - Publishing versions 7.0.2 and 7.0.3. The root cause is unvalidated URIs in the application, leading to cross-site scripting (CWE-84). The vulnerability is rated CVSS v3.1 base score 6.1 (Medium) with attack vector Network, no privile...

CVSS 6.1 · AI score 5.9 · EPSS 0.00175
Exploits: 0 · References: 1 · Affected Software: 1

CNNVD
added 2025/08/05 12:0 a.m. · 4 views

IBM Engineering Lifecycle Optimization Publishing Security Vulnerability

IBM Engineering Lifecycle Optimization Publishing is an automated document generation solution from International Business Machines IBM. A cross-site scripting vulnerability exists in IBM Engineering Lifecycle Optimization Publishing versions 7.0.2 and 7.03 that originates from an unvalidated URI...

CVSS 6.1 · AI score 5.8 · EPSS 0.00175
Exploits: 0 · References: 2

IBM Security Bulletins
added 2025/08/04 6:39 a.m. · 7 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing - The jackson-core package is vulnerable to a Denial of Service (DoS) attack

Summary There is a Jackson-Core vulnerability shipped with IBM Engineering Lifecycle Optimization - Publishing. Following IBM® Engineering Lifecycle Management product is vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Lifecycle Optimization - Publishing...

AI score 6.8
Exploits: 0 · Affected Software: 1

IBM Security Bulletins
added 2025/08/04 6:37 a.m. · 7 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing - In Connect2id Nimbus JOSE+JWT, an attacker can cause a denial of service

Summary Connect2id Nimbus-JOSE-JWT is vulnerable to a denial of service, caused by improper validation of user requests by the PasswordBasedDecrypter PBKDF2 component. By sending a specially crafted request using a large JWE p2c header, a remote attacker could exploit this vulnerability to cause ...

CVSS 7.5 · AI score 6 · EPSS 0.00814
Exploits: 0 · Affected Software: 1

Positive Technologies
added 2025/08/04 12:0 a.m. · 6 views

PT-2025-31927 · Ibm · Ibm Engineering Lifecycle Optimization - Publishing

Name of the Vulnerable Software and Affected Versions: IBM Engineering Lifecycle Optimization - Publishing versions 7.0.2 and 7.0.3 Description: IBM Engineering Lifecycle Optimization - Publishing is susceptible to cross-site scripting due to a lack of validation of URIs. Recommendations: Ensure...

CVSS 6.4 · AI score 5.7 · EPSS 0.00175
Exploits: 0 · References: 6

RedhatCVE
added 2025/05/23 6:57 a.m. · 9 views

CVE-2024-41765

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...

CVSS 6.5 · AI score 6.8 · EPSS 0.00577
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 3:38 a.m. · 8 views

CVE-2023-45191

IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 268755...

CVSS 7.5 · AI score 6.5 · EPSS 0.00663
Exploits: 0

IBM Security Bulletins
added 2025/04/16 7:36 a.m. · 11 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to Apache CXF (CVE-2025-23184)

Summary There is a vulnerability in the Apache CXF library used by IBM WebSphere Application Server Liberty with the jaxws-2.2, xmlWS-3.0 or xmlWS-4.0 feature enabled. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin:...

CVSS 7.5 · AI score 6.8 · EPSS 0.01941
Exploits: 0 · Affected Software: 1

IBM Security Bulletins
added 2025/04/15 3:30 a.m. · 10 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted

Summary Software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a...

CVSS 6.5 · AI score 6.8 · EPSS 0.00577
Exploits: 0 · Affected Software: 1

IBM Security Bulletins
added 2025/04/15 3:29 a.m. · 18 views

Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerability which can allow remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser

Summary A vulnerability has been identified under which sensitive application information might be leaked to a remote attacker when a detailed technical error message is returned in the browser which is being used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains...

CVSS 4.3 · AI score 4.6 · EPSS 0.00338
Exploits: 0 · Affected Software: 1