Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerability CVE-2023-3315

Summary Vulnerability CVE-2023-3315 affects the Team Concert plugin of IBM Engineering Workflow Management EWM. Vulnerability Details CVEID:CVE-2023-3315 DESCRIPTION: Jenkins Team Concert could allow a remote authenticated attacker to obtain sensitive information, caused by improper permission...

Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerabilities CVE-2021-23839, CVE-2021-23840, CVE-2021-23841

Summary There are vulnerabilities CVE-2021-23839, CVE-2021-23840, CVE-2021-23841 which affects IBM Engineering Workflow Management EWM. Vulnerability Details CVEID:CVE-2021-23839 DESCRIPTION: OpenSSL could provide weaker than expected security, caused by incorrect SSLv2 rollback protection that...

Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerability CVE-2020-1968

Summary There is a vulnerability CVE-2020-1968 which affects IBM Engineering Workflow Management EWM. Vulnerability Details CVEID:CVE-2020-1968 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a Raccoon attack in the TLS specification. By computing the...

Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerability CVE-2022-0778

Summary There is a vulnerability CVE-2022-0778 which affects IBM Engineering Workflow Management EWM. Vulnerability Details CVEID:CVE-2022-0778 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in the BNmodsqrt function when parsing certificates. By using a...

Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerability CVE-2021-4160

Summary There is avulnerability CVE-2021-4160 which affects IBM Engineering Workflow Management EWM. Vulnerability Details CVEID:CVE-2021-4160 DESCRIPTION: OpenSSL could provide weaker than expected security, caused by a carry propagation flaw in the MIPS32 and MIPS64 squaring procedure. An...

Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerability CVE-2021-3712

Summary There is a vulnerability CVE-2021-3712 which affects IBM Engineering Workflow Management EWM. Vulnerability Details CVEID:CVE-2021-3712 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read when processing ASN.1 strings. By...

Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerabilities CVE-2020-28500, CVE-2021-23337, CVE-2020-8203

Summary There are vulnerabilities CVE-2020-28500, CVE-2021-23337, CVE-2020-8203 which affects IBM Engineering Workflow Management EWM. Vulnerability Details CVEID:CVE-2015-9251 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remot...

Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerabilities CVE-2020-28500, CVE-2021-23337, CVE-2020-8203

Summary There are vulnerabilities CVE-2020-28500, CVE-2021-23337, CVE-2020-8203 which affects IBM Engineering Workflow Management EWM. Vulnerability Details CVEID:CVE-2018-20676 DESCRIPTION: Bootstrap is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by t...

Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server Liberty is vulnerable to a privilege escalation - CVE-2023-0482

Summary IBM WebSphere Application Server Liberty is vulnerable to a privilege escalation due to RESTEasy. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: Jazz Foundation, IBM Engineering Workflow Management, IBM...

Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM Java XML vulnerability CVE-2022-21426, deferred from Oracle Apr 2022 CPU - CVE-2022-21426

Summary A flaw in the XML component may lead to excessive memory consumption when compiling certain XPath expressions, which may in turn allow an attacker to inflict a denial-of-service. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed...

Security Bulletin: The IBM® Engineering Lifecycle Engineering product using WebSphere Application Server Liberty is vulnerable to server-side request forgery due to Apache CXF - CVE-2022-46364

Summary IBM WebSphere Application Server Liberty is vulnerable to server-side request forgery due to Apache CXF. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: Jazz Foundation, IBM Engineering Workflow Management, I...

Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerabilities CVE-2022-31129, CVE-2022-24785

Summary There is a vulnerabilities CVE-2022-31129, CVE-2022-24785 which affects IBM Engineering Workflow Management EWM. Vulnerability Details CVEID:CVE-2022-31129 DESCRIPTION: Moment is vulnerable to a denial of service, caused by inefficient regular expression complexity. By sending a...

Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerabilities CVE-2020-28500, CVE-2021-23337, CVE-2020-8203

Summary There are vulnerabilities CVE-2020-28500, CVE-2021-23337, CVE-2020-8203 which affects IBM Engineering Workflow Management EWM. Vulnerability Details CVEID:CVE-2020-28500 DESCRIPTION: Node.js lodash module is vulnerable to a denial of service, caused by a regular expression denial of servi...

Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerabilities CVE-2021-41182, CVE-2022-31160, CVE-2021-41184, CVE-2021-41183

Summary There are vulnerabilities CVE-2021-41182, CVE-2022-31160, CVE-2021-41184, CVE-2021-41183 which affects IBM Engineering Workflow Management EWM. Vulnerability Details CVEID:CVE-2021-41182 DESCRIPTION: jQuery jQuery-UI is vulnerable to cross-site scripting, caused by improper validation of...

Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerability CVE-2021-43138

Summary There is a vulnerability CVE-2021-43138 which affects IBM Engineering Workflow Management EWM. Vulnerability Details CVEID:CVE-2021-43138 DESCRIPTION: Async could allow a remote attacker to execute arbitrary code on the system, caused by prototype pollution in the mapValues method. By...

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM® SDK, Java™ Technology Edition are affected by multiple vulnerabilities (CVE-2022-21628, CVE-2022-21626, CVE-2022-21624, CVE-2022-21619)

Summary This covers all applicable Java SE CVEs published by Oracle as part of their October 2022 Critical Patch Update. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: Jazz Foundation, IBM Engineering Lifecycle...

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM® SDK, Java™ Technology Edition are affected by multiple vulnerabilities ( CVE-2022-21541, CVE-2022-21540 )

Summary All applicable Java SE CVEs published by Oracle as part of their July 2022 Critical Patch Update. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Test Management, BM Jazz Reporting Service , I...

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM WebSphere Application Server Liberty are vulnerable to HTTP header injection (CVE-2022-34165)

Summary IBM WebSphere Application Server Liberty is vulnerable to HTTP header injection when processing web requests. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: Global Configuration Management, IBM Engineering...

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM WebSphere Application Server Liberty is vulnerable to an Information Disclosure (CVE-2022-22393)

Summary IBM WebSphere Application Server Liberty is vulnerable to an information disclosure with the adminCenter-1.0 feature enabled. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin. Global Configuration Management GC...

Security Bulletin: Vulnerability which affects Rational Team Concert (RTC) and IBM Engineering Workflow Management (EWM)

Summary There is a vulnerability CVE-2021-29701 which affects Rational Team Concert RTC and IBM Engineering Workflow Management EWM. Vulnerability Details CVEID:CVE-2021-29701 DESCRIPTION: IBM Engineering Workflow Management could allow an authneticated attacker to obtain sensitive information fr...