Lucene search
K

86 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2023/03/27 5:21 p.m.38 views

Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerabilities CVE-2020-28500, CVE-2021-23337, CVE-2020-8203

Summary There are vulnerabilities CVE-2020-28500, CVE-2021-23337, CVE-2020-8203 which affects IBM Engineering Workflow Management EWM. Vulnerability Details CVEID:CVE-2020-28500 DESCRIPTION: Node.js lodash module is vulnerable to a denial of service, caused by a regular expression denial of servi...

7.4CVSS8AI score0.2241EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/27 5:0 p.m.53 views

Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerabilities CVE-2021-41182, CVE-2022-31160, CVE-2021-41184, CVE-2021-41183

Summary There are vulnerabilities CVE-2021-41182, CVE-2022-31160, CVE-2021-41184, CVE-2021-41183 which affects IBM Engineering Workflow Management EWM. Vulnerability Details CVEID:CVE-2021-41182 DESCRIPTION: jQuery jQuery-UI is vulnerable to cross-site scripting, caused by improper validation of...

6.5CVSS7AI score0.44515EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/27 4:55 p.m.45 views

Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerability CVE-2021-43138

Summary There is a vulnerability CVE-2021-43138 which affects IBM Engineering Workflow Management EWM. Vulnerability Details CVEID:CVE-2021-43138 DESCRIPTION: Async could allow a remote attacker to execute arbitrary code on the system, caused by prototype pollution in the mapValues method. By...

7.8CVSS8.8AI score0.03346EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/16 7:5 a.m.38 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM® SDK, Java™ Technology Edition are affected by multiple vulnerabilities (CVE-2022-21628, CVE-2022-21626, CVE-2022-21624, CVE-2022-21619)

Summary This covers all applicable Java SE CVEs published by Oracle as part of their October 2022 Critical Patch Update. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: Jazz Foundation, IBM Engineering Lifecycle...

5.3CVSS5.3AI score0.02376EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/23 3:14 p.m.35 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM® SDK, Java™ Technology Edition are affected by multiple vulnerabilities ( CVE-2022-21541, CVE-2022-21540 )

Summary All applicable Java SE CVEs published by Oracle as part of their July 2022 Critical Patch Update. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Test Management, BM Jazz Reporting Service , I...

5.9CVSS6.3AI score0.0296EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/23 10:36 a.m.55 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM WebSphere Application Server Liberty are vulnerable to HTTP header injection (CVE-2022-34165)

Summary IBM WebSphere Application Server Liberty is vulnerable to HTTP header injection when processing web requests. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: Global Configuration Management, IBM Engineering...

5.4CVSS5.9AI score0.00441EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/23 8:29 a.m.30 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM WebSphere Application Server Liberty is vulnerable to an Information Disclosure (CVE-2022-22393)

Summary IBM WebSphere Application Server Liberty is vulnerable to an information disclosure with the adminCenter-1.0 feature enabled. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin. Global Configuration Management GC...

6.5CVSS5AI score0.00693EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/12 9:53 a.m.24 views

Security Bulletin: Vulnerability which affects Rational Team Concert (RTC) and IBM Engineering Workflow Management (EWM)

Summary There is a vulnerability CVE-2021-29701 which affects Rational Team Concert RTC and IBM Engineering Workflow Management EWM. Vulnerability Details CVEID:CVE-2021-29701 DESCRIPTION: IBM Engineering Workflow Management could allow an authneticated attacker to obtain sensitive information fr...

4.3CVSS4.1AI score0.00704EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/20 9:30 a.m.30 views

Security Bulletin: The IBM® Engineering Lifecycle Management products recommendation for IBM Java XML vulnerability CVE-2022-21299

Summary A flaw in the XML component allows attackers to inflict a denial-of-service and/or access external entities which should be inaccessible. Vulnerability is identified in Java versions 7.0.11.5 and earlier, 7.1.5.5 and earlier, 8.0.7.5 and earlier. Vulnerability Details Refer to the securit...

5.3CVSS5.8AI score0.03458EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/21 2:53 p.m.36 views

Security Bulletin: Rational Team Concert (RTC) and IBM Engineering Workflow Management (EWM) OpenSSL vulnerability CVE-2021-4044

Summary There is a vulnerability CVE-2021-4044 which affects Rational Team Concert RTC and IBM Engineering Workflow Management EWM. Vulnerability Details CVEID: CVE-2021-4044 DESCRIPTION: OpenSSL could allow a remote attacker to bypass security restrictions, caused by invalid handling of...

7.5CVSS1AI score0.50099EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/06 7:41 p.m.22 views

Security Bulletin: Vulnerabilities (CVE-2021-39038, CVE-2021-23450) in IBM WebSphere Application Server may impact IBM Engineering Lifecycle Management (ELM) products based on IBM Jazz technology

Summary IBM Engineering Lifecycle Management ELM products based on IBM Jazz technology may integrate with IBM WebSphere Application Server WAS. Please review the following WAS Bulletins CVE-2021-39038, CVE-2021-23450 and take corrective actions. Vulnerability Details Refer to the security bulleti...

9.8CVSS2.5AI score0.30367EPSS
Exploits1Affected Software5
CNVD
CNVD
added 2022/03/21 12:0 a.m.23 views

IBM Engineering Workflow Management has an unspecified vulnerability (CNVD-2022-22301)

IBM Engineering Workflow Management is an engineering lifecycle management solution software for project management from IBM, U.S.A. A security vulnerability exists in IBM Rational Team Concert that allows an authenticated user to access sensitive information. No detailed vulnerability details ar...

4.3CVSS2.8AI score0.00676EPSS
Exploits0References1
NVD
NVD
added 2022/03/15 5:15 p.m.18 views

CVE-2020-4989

IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 and IBM Rational Team Concert 6.0.6 and 6.0.0.1 could allow an authenticated user to obtain sensitive information about build definitions. IBM X-Force ID: 192707...

4.3CVSS0.00676EPSS
Exploits0References2
OSV
OSV
added 2022/03/15 5:15 p.m.6 views

CVE-2020-4989

IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 and IBM Rational Team Concert 6.0.6 and 6.0.0.1 could allow an authenticated user to obtain sensitive information about build definitions. IBM X-Force ID: 192707...

4.3CVSS5.8AI score0.00676EPSS
Exploits0References2
Prion
Prion
added 2022/03/15 5:15 p.m.15 views

Information disclosure

IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 and IBM Rational Team Concert 6.0.6 and 6.0.0.1 could allow an authenticated user to obtain sensitive information about build definitions. IBM X-Force ID: 192707...

4CVSS4AI score0.00676EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/03/15 5:0 p.m.61 views

CVE-2020-4989

CVE-2020-4989 affects IBM Engineering Workflow Management (EWM) 7.0, 7.0.1, 7.0.2 and IBM Rational Team Concert (RTC) 6.0.6 and 6.0.0.1. Affected component is the build-definition access that an authenticated user can disclosure sensitive information about build definitions due to a vulnerability...

4.3CVSS4.1AI score0.00676EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/03/15 5:0 p.m.23 views

CVE-2020-4989

IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 and IBM Rational Team Concert 6.0.6 and 6.0.0.1 could allow an authenticated user to obtain sensitive information about build definitions. IBM X-Force ID: 192707...

4.3CVSS4.2AI score0.00676EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/03/15 12:0 a.m.4 views

IBM Engineering Workflow Management 安全漏洞

IBM Engineering Workflow Management is an engineering lifecycle management solution software for project management from IBM, U.S.A. A security vulnerability exists in IBM Rational Team Concert that allows an authenticated user to access sensitive information. No detailed vulnerability details ar...

4.3CVSS5.5AI score0.00676EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/14 2:23 p.m.17 views

Security Bulletin: Vulnerability which affects Rational Team Concert (RTC) and IBM Engineering Workflow Management (EWM)

Summary There is a vulnerability CVE-2020-4989 which affects Rational Team Concert RTC and IBM Engineering Workflow Management EWM. Vulnerability Details CVEID: CVE-2020-4989 DESCRIPTION: IBM Engineering Workflow Management could allow an authenticated user to obtain sensitive information about...

4.3CVSS4.2AI score0.00676EPSS
Exploits0Affected Software2
ATTACKERKB
ATTACKERKB
added 2022/03/14 12:0 a.m.4 views

CVE-2020-4989

IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 and IBM Rational Team Concert 6.0.6 and 6.0.0.1 could allow an authenticated user to obtain sensitive information about build definitions. IBM X-Force ID: 192707...

4.3CVSS4.8AI score0.00676EPSS
Exploits0References3Affected Software2
Rows per page
Query Builder