77 matches found
Security Bulletin: Vulberability in Apache commons io library affects IBM Engineering Test Management (ETM) (CVE-2021-29425)
Summary This Security Vulnerablity has been addressed in IBM Engineering Test Management. A fix is available to address the vulnerability. Vulnerability Details CVEID:CVE-2021-29425 DESCRIPTION: Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by...
Security Bulletin: Vulnerabilities in httpclient library affects IBM Engineering Test Management (ETM) (CVE-2020-13956)
Summary This Security Vulnerablity has been addressed in IBM Engineering Test Management. A fix is available to address the vulnerability. Vulnerability Details CVEID:CVE-2020-13956 DESCRIPTION: Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the imprope...
Security Bulletin: IBM Engineering Test Management is vulnerable to denial of service due to XStream (CVE-2021-43859)
Summary This Security Vulnerablity has been addressed in IBM Engineering Test Management. A fix is available to address the vulnerability. Vulnerability Details CVEID:CVE-2021-43859 DESCRIPTION: XStream is vulnerable to a denial of service, caused by improper input validation. By injecting highly...
Security Bulletin: Vulnerabilities in batik-all library affects IBM Engineering Test Management (ETM) (CVE-2022-38648, CVE-2022-40146, CVE-2022)
Summary This Security Vulnerablity has been addressed in IBM Engineering Test Management in newer releases Vulnerability Details CVEID:CVE-2022-38648 DESCRIPTION: Apache Batik is vulnerable to server-side request forgery, caused by a flaw when calling the fop function. By sending a...
Security Bulletin: Vulnerabilities in batik-all library affects IBM Engineering Test Management (ETM) (CVE-2022-38648, CVE-2022-40146, CVE-2022)
Summary This Security Vulnerablity has been addressed in IBM Engineering Test Management in newer releases Vulnerability Details CVEID:CVE-2022-38648 DESCRIPTION: Apache Batik is vulnerable to server-side request forgery, caused by a flaw when calling the fop function. By sending a...
Security Bulletin: Vulnerabilities in jna-platform library affects IBM Engineering Test Management (ETM)
Summary This Security Vulnerablity has been addressed in IBM Engineering Test Management in newer releases Vulnerability Details IBM X-Force ID: 240628 DESCRIPTION: Java Native Access JNA is vulnerable to a denial of service, caused by an out-of-bounds read flaw in the...
Security Bulletin: Vulnerabilities in jdom affects IBM Engineering Test Management (ETM) (CVE-2021-33813)
Summary This Security Vulnerablity has been addressed in IBM Engineering Test Management. An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request . A fix is available to address the vulnerability. Vulnerability Details...
Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server Liberty is vulnerable to a privilege escalation - CVE-2023-0482
Summary IBM WebSphere Application Server Liberty is vulnerable to a privilege escalation due to RESTEasy. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: Jazz Foundation, IBM Engineering Workflow Management, IBM...
Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM Java XML vulnerability CVE-2022-21426, deferred from Oracle Apr 2022 CPU - CVE-2022-21426
Summary A flaw in the XML component may lead to excessive memory consumption when compiling certain XPath expressions, which may in turn allow an attacker to inflict a denial-of-service. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed...
Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM® SDK, Java™ Technology Edition are affected by multiple vulnerabilities (CVE-2022-21628, CVE-2022-21626, CVE-2022-21624, CVE-2022-21619)
Summary This covers all applicable Java SE CVEs published by Oracle as part of their October 2022 Critical Patch Update. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: Jazz Foundation, IBM Engineering Lifecycle...
CVE-2021-38934
IBM Engineering Test Management 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Forc...
CVE-2021-38934
IBM Engineering Test Management 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Forc...
Cross site scripting
IBM Engineering Test Management 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Forc...
CVE-2021-38934
IBM Engineering Test Management 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Forc...
CVE-2021-38934
IBM Engineering Test Management is vulnerable to cross-site scripting in the Web UI due to unencoded custom values for Execution States on ETM 7.0, 7.0.1, and 7.0.2 (impacting items shown on TCER pages). Exploitation could allow arbitrary JavaScript in a trusted session, potentially leading to cr...
PT-2022-10809 · Ibm · Ibm Engineering Test Management
Name of the Vulnerable Software and Affected Versions: IBM Engineering Test Management versions 7.0 through 7.0.2 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a...
IBM Engineering Test Management 跨站脚本漏洞
IBM Engineering Test Management is a collaborative quality management software from IBM USA that provides end-to-end test planning and test asset management to improve team efficiency. A security vulnerability exists in IBM Engineering Test Management version 7.0, 7.0.1, and 7.0.2, which stems fr...
CVE-2021-38934
IBM Engineering Test Management 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Forc...
Security Bulletin: Multiple vulnerabilites affect IBM Engineering Test Management product due to XStream
Summary IBM Engineering Test Management is vulnerable to arbitrary code execution due to XStream. CVE-2021-21342, CVE-2021-21350, CVE-2021-21346, CVE-2021-21349, CVE-2021-21341, CVE-2021-21345, CVE-2021-21348, CVE-2021-21344, CVE-2021-21347, CVE-2021-21343, CVE-2021-21351 Vulnerability Details...
Security Bulletin: IBM Engineering Test Management is vulnerable to arbitrary data access due to XStream ( CVE-2020-26258, CVE-2020-26259 )
Summary IBM Engineering Test Management is vulnerable to remote attacker having access to snesitive data or to arbitrary files from system due to XStream. Vulnerability Details CVEID: CVE-2020-26258 DESCRIPTION: XStream is vulnerable to server-side request forgery, caused by a flaw when...