Lucene search
K

77 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2023/07/18 7:19 a.m.41 views

Security Bulletin: Vulberability in Apache commons io library affects IBM Engineering Test Management (ETM) (CVE-2021-29425)

Summary This Security Vulnerablity has been addressed in IBM Engineering Test Management. A fix is available to address the vulnerability. Vulnerability Details CVEID:CVE-2021-29425 DESCRIPTION: Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by...

5.8CVSS6.3AI score0.10608EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/18 7:15 a.m.27 views

Security Bulletin: Vulnerabilities in httpclient library affects IBM Engineering Test Management (ETM) (CVE-2020-13956)

Summary This Security Vulnerablity has been addressed in IBM Engineering Test Management. A fix is available to address the vulnerability. Vulnerability Details CVEID:CVE-2020-13956 DESCRIPTION: Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the imprope...

5.3CVSS5.8AI score0.08665EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/02 7:50 a.m.25 views

Security Bulletin: IBM Engineering Test Management is vulnerable to denial of service due to XStream (CVE-2021-43859)

Summary This Security Vulnerablity has been addressed in IBM Engineering Test Management. A fix is available to address the vulnerability. Vulnerability Details CVEID:CVE-2021-43859 DESCRIPTION: XStream is vulnerable to a denial of service, caused by improper input validation. By injecting highly...

7.5CVSS7.3AI score0.07934EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/02 7:45 a.m.39 views

Security Bulletin: Vulnerabilities in batik-all library affects IBM Engineering Test Management (ETM) (CVE-2022-38648, CVE-2022-40146, CVE-2022)

Summary This Security Vulnerablity has been addressed in IBM Engineering Test Management in newer releases Vulnerability Details CVEID:CVE-2022-38648 DESCRIPTION: Apache Batik is vulnerable to server-side request forgery, caused by a flaw when calling the fop function. By sending a...

7.5CVSS6.1AI score0.05791EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/02 7:44 a.m.35 views

Security Bulletin: Vulnerabilities in batik-all library affects IBM Engineering Test Management (ETM) (CVE-2022-38648, CVE-2022-40146, CVE-2022)

Summary This Security Vulnerablity has been addressed in IBM Engineering Test Management in newer releases Vulnerability Details CVEID:CVE-2022-38648 DESCRIPTION: Apache Batik is vulnerable to server-side request forgery, caused by a flaw when calling the fop function. By sending a...

7.5CVSS6.1AI score0.05791EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/02 7:43 a.m.26 views

Security Bulletin: Vulnerabilities in jna-platform library affects IBM Engineering Test Management (ETM)

Summary This Security Vulnerablity has been addressed in IBM Engineering Test Management in newer releases Vulnerability Details IBM X-Force ID: 240628 DESCRIPTION: Java Native Access JNA is vulnerable to a denial of service, caused by an out-of-bounds read flaw in the...

6.8AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/02 7:42 a.m.18 views

Security Bulletin: Vulnerabilities in jdom affects IBM Engineering Test Management (ETM) (CVE-2021-33813)

Summary This Security Vulnerablity has been addressed in IBM Engineering Test Management. An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request . A fix is available to address the vulnerability. Vulnerability Details...

7.5CVSS7.4AI score0.19442EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/24 12:51 p.m.23 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server Liberty is vulnerable to a privilege escalation - CVE-2023-0482

Summary IBM WebSphere Application Server Liberty is vulnerable to a privilege escalation due to RESTEasy. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: Jazz Foundation, IBM Engineering Workflow Management, IBM...

5.5CVSS5.8AI score0.00819EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/14 10:36 a.m.34 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM Java XML vulnerability CVE-2022-21426, deferred from Oracle Apr 2022 CPU - CVE-2022-21426

Summary A flaw in the XML component may lead to excessive memory consumption when compiling certain XPath expressions, which may in turn allow an attacker to inflict a denial-of-service. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed...

5.3CVSS6.6AI score0.03203EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/16 7:5 a.m.38 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM® SDK, Java™ Technology Edition are affected by multiple vulnerabilities (CVE-2022-21628, CVE-2022-21626, CVE-2022-21624, CVE-2022-21619)

Summary This covers all applicable Java SE CVEs published by Oracle as part of their October 2022 Critical Patch Update. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: Jazz Foundation, IBM Engineering Lifecycle...

5.3CVSS5.3AI score0.02376EPSS
Exploits0Affected Software1
OSV
OSV
added 2022/08/29 9:15 p.m.3 views

CVE-2021-38934

IBM Engineering Test Management 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Forc...

5.4CVSS5.4AI score0.00391EPSS
Exploits0References2
NVD
NVD
added 2022/08/29 9:15 p.m.16 views

CVE-2021-38934

IBM Engineering Test Management 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Forc...

5.4CVSS0.00391EPSS
Exploits0References2
Prion
Prion
added 2022/08/29 9:15 p.m.18 views

Cross site scripting

IBM Engineering Test Management 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Forc...

4.9CVSS5.2AI score0.00391EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2022/08/29 9:10 p.m.19 views

CVE-2021-38934

IBM Engineering Test Management 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Forc...

5.4CVSS5.3AI score0.00391EPSS
Exploits0References2
CVE
CVE
added 2022/08/29 9:10 p.m.70 views

CVE-2021-38934

IBM Engineering Test Management is vulnerable to cross-site scripting in the Web UI due to unencoded custom values for Execution States on ETM 7.0, 7.0.1, and 7.0.2 (impacting items shown on TCER pages). Exploitation could allow arbitrary JavaScript in a trusted session, potentially leading to cr...

5.4CVSS5.2AI score0.00391EPSS
Exploits0References2Affected Software2
Positive Technologies
Positive Technologies
added 2022/08/29 12:0 a.m.7 views

PT-2022-10809 · Ibm · Ibm Engineering Test Management

Name of the Vulnerable Software and Affected Versions: IBM Engineering Test Management versions 7.0 through 7.0.2 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a...

5.4CVSS5.6AI score0.00391EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/08/29 12:0 a.m.5 views

IBM Engineering Test Management 跨站脚本漏洞

IBM Engineering Test Management is a collaborative quality management software from IBM USA that provides end-to-end test planning and test asset management to improve team efficiency. A security vulnerability exists in IBM Engineering Test Management version 7.0, 7.0.1, and 7.0.2, which stems fr...

5.4CVSS6.1AI score0.00391EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/08/26 12:0 a.m.2 views

CVE-2021-38934

IBM Engineering Test Management 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Forc...

5.4CVSS5.9AI score0.00391EPSS
Exploits0References3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/26 6:38 a.m.45 views

Security Bulletin: Multiple vulnerabilites affect IBM Engineering Test Management product due to XStream

Summary IBM Engineering Test Management is vulnerable to arbitrary code execution due to XStream. CVE-2021-21342, CVE-2021-21350, CVE-2021-21346, CVE-2021-21349, CVE-2021-21341, CVE-2021-21345, CVE-2021-21348, CVE-2021-21344, CVE-2021-21347, CVE-2021-21343, CVE-2021-21351 Vulnerability Details...

9.9CVSS9.2AI score0.82136EPSS
Exploits10Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/04 11:30 a.m.35 views

Security Bulletin: IBM Engineering Test Management is vulnerable to arbitrary data access due to XStream ( CVE-2020-26258, CVE-2020-26259 )

Summary IBM Engineering Test Management is vulnerable to remote attacker having access to snesitive data or to arbitrary files from system due to XStream. Vulnerability Details CVEID: CVE-2020-26258 DESCRIPTION: XStream is vulnerable to server-side request forgery, caused by a flaw when...

7.7CVSS1.3AI score0.82392EPSS
Exploits7Affected Software2
Rows per page
Query Builder