34 matches found
EUVD-2020-26236
Malware in sbrugna...
EUVD-2021-16175
Malware in sbrugna...
EUVD-2024-25879
Malicious code in bioql PyPI...
IBM Engineering Workflow Management Cross-Site Scripting Vulnerability (CNVD-2024-25255)
IBM Engineering Workflow Management is an enterprise-level engineering workflow management system that provides process management, task assignment, and more. A cross-site scripting vulnerability exists in IBM Engineering Workflow Management versions 7.0.2 and 7.0.3 that stems from insufficient...
Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerability CVE-2024-28793
Summary Vulnerability CVE-2024-28793 affects the Team Concert Git plugin of IBM Engineering Workflow Management EWM. Vulnerability Details CVEID:CVE-2024-28793 DESCRIPTION: IBM Engineering Workflow Management is vulnerable to stored cross-site scripting. Under certain configurations, this...
Security Bulletin: The IBM® Engineering Lifecycle Engineering products using WebSphere Application Server Liberty is vulnerable to information disclosure due to Apache Santuario (CVE-2023-44483)
Summary There is a vulnerability in the Apache Santuario library used by IBM WebSphere Application Server Liberty when the wsSecurity-1.1, wsSecuritySaml-1.1 or samlWeb-2.0 feature is enabled. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been...
Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerabilities [CVE-2022-1434, CVE-2022-1343, CVE-2022-1292, CVE-2022-1473]
Summary There are vulnerabilities which affect IBM Engineering Workflow Management EWM. CVE-2022-1434, CVE-2022-1343, CVE-2022-1292, CVE-2022-1473 The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2022-1434 DESCRIPTION: OpenSSL is vulnerable to a man-in-the-middle attack,...
Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerability CVE-2023-3315
Summary Vulnerability CVE-2023-3315 affects the Team Concert plugin of IBM Engineering Workflow Management EWM. Vulnerability Details CVEID:CVE-2023-3315 DESCRIPTION: Jenkins Team Concert could allow a remote authenticated attacker to obtain sensitive information, caused by improper permission...
Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerabilities CVE-2021-23839, CVE-2021-23840, CVE-2021-23841
Summary There are vulnerabilities CVE-2021-23839, CVE-2021-23840, CVE-2021-23841 which affects IBM Engineering Workflow Management EWM. Vulnerability Details CVEID:CVE-2021-23839 DESCRIPTION: OpenSSL could provide weaker than expected security, caused by incorrect SSLv2 rollback protection that...
Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerability CVE-2020-1968
Summary There is a vulnerability CVE-2020-1968 which affects IBM Engineering Workflow Management EWM. Vulnerability Details CVEID:CVE-2020-1968 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a Raccoon attack in the TLS specification. By computing the...
Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerability CVE-2022-0778
Summary There is a vulnerability CVE-2022-0778 which affects IBM Engineering Workflow Management EWM. Vulnerability Details CVEID:CVE-2022-0778 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in the BNmodsqrt function when parsing certificates. By using a...
Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerability CVE-2021-4160
Summary There is avulnerability CVE-2021-4160 which affects IBM Engineering Workflow Management EWM. Vulnerability Details CVEID:CVE-2021-4160 DESCRIPTION: OpenSSL could provide weaker than expected security, caused by a carry propagation flaw in the MIPS32 and MIPS64 squaring procedure. An...
Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerability CVE-2021-3712
Summary There is a vulnerability CVE-2021-3712 which affects IBM Engineering Workflow Management EWM. Vulnerability Details CVEID:CVE-2021-3712 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read when processing ASN.1 strings. By...
Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerabilities CVE-2020-28500, CVE-2021-23337, CVE-2020-8203
Summary There are vulnerabilities CVE-2020-28500, CVE-2021-23337, CVE-2020-8203 which affects IBM Engineering Workflow Management EWM. Vulnerability Details CVEID:CVE-2015-9251 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remot...
Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerabilities CVE-2020-28500, CVE-2021-23337, CVE-2020-8203
Summary There are vulnerabilities CVE-2020-28500, CVE-2021-23337, CVE-2020-8203 which affects IBM Engineering Workflow Management EWM. Vulnerability Details CVEID:CVE-2018-20676 DESCRIPTION: Bootstrap is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by t...
Security Bulletin: The IBM® Engineering Lifecycle Engineering product using WebSphere Application Server Liberty is vulnerable to server-side request forgery due to Apache CXF - CVE-2022-46364
Summary IBM WebSphere Application Server Liberty is vulnerable to server-side request forgery due to Apache CXF. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: Jazz Foundation, IBM Engineering Workflow Management, I...
Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerabilities CVE-2022-31129, CVE-2022-24785
Summary There is a vulnerabilities CVE-2022-31129, CVE-2022-24785 which affects IBM Engineering Workflow Management EWM. Vulnerability Details CVEID:CVE-2022-31129 DESCRIPTION: Moment is vulnerable to a denial of service, caused by inefficient regular expression complexity. By sending a...
Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerabilities CVE-2021-41182, CVE-2022-31160, CVE-2021-41184, CVE-2021-41183
Summary There are vulnerabilities CVE-2021-41182, CVE-2022-31160, CVE-2021-41184, CVE-2021-41183 which affects IBM Engineering Workflow Management EWM. Vulnerability Details CVEID:CVE-2021-41182 DESCRIPTION: jQuery jQuery-UI is vulnerable to cross-site scripting, caused by improper validation of...
Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM WebSphere Application Server Liberty are vulnerable to HTTP header injection (CVE-2022-34165)
Summary IBM WebSphere Application Server Liberty is vulnerable to HTTP header injection when processing web requests. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: Global Configuration Management, IBM Engineering...
Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM WebSphere Application Server Liberty is vulnerable to an Information Disclosure (CVE-2022-22393)
Summary IBM WebSphere Application Server Liberty is vulnerable to an information disclosure with the adminCenter-1.0 feature enabled. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin. Global Configuration Management GC...