159 matches found

IBM Security Bulletins
added 2024/02/15 8:18 a.m. · 52 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing (PUB) jQuery Vulnerability

Summary IBM Engineering Lifecycle Optimization - Publishing jQuery and jQuery.min found vulnerable Vulnerability Details CVEID:CVE-2020-11022 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the jQuery.htmlPrefilter method. A remot...

CVSS: 6.9 · AI score: 6.5 · EPSS: 0.99019
Exploits: 14 · Affected Software: 1

NVD
added 2024/02/09 1:15 a.m. · 28 views

CVE-2023-45191

IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 268755...

CVSS: 7.5 · AI score: 7.5 · EPSS: 0.00663
Exploits: 0 · References: 2

OSV
added 2024/02/09 1:15 a.m. · 5 views

CVE-2023-45190

IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or...

CVSS: 6.1 · AI score: 5.7 · EPSS: 0.00255
Exploits: 0 · References: 2

NVD
added 2024/02/09 1:15 a.m. · 26 views

CVE-2023-45190

IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or...

CVSS: 6.1 · AI score: 5.8 · EPSS: 0.00255
Exploits: 0 · References: 2

NVD
added 2024/02/09 1:15 a.m. · 22 views

CVE-2023-45187

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 268749...

CVSS: 8.8 · AI score: 7.1 · EPSS: 0.00381
Exploits: 0 · References: 2

Prion
added 2024/02/09 1:15 a.m. · 16 views

Code injection

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 268749...

CVSS: 6.5 · AI score: 6.5 · EPSS: 0.00381
Exploits: 0 · References: 2 · Affected Software: 1

Prion
added 2024/02/09 1:15 a.m. · 15 views

Code injection

IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 268755...

CVSS: 5 · AI score: 6.8 · EPSS: 0.00663
Exploits: 0 · References: 2 · Affected Software: 1

Prion
added 2024/02/09 1:15 a.m. · 13 views

Cross site scripting

IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or...

CVSS: 5.8 · AI score: 6.7 · EPSS: 0.00255
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2024/02/09 12:34 a.m. · 27 views

CVE-2023-45191 IBM Engineering Lifecycle Optimization information disclosure

IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 268755...

CVSS: 7.5 · AI score: 7.3 · EPSS: 0.00663
Exploits: 0 · References: 2

CVE
added 2024/02/09 12:32 a.m. · 56 views

CVE-2023-45190

CVE-2023-45190 affects IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3. The issue is HTTP header injection caused by improper validation of HOST headers, which can enable cross-site scripting, cache poisoning, or session hijacking. Public details consistently cite this vulnerability with t...

CVSS: 6.1 · AI score: 6 · EPSS: 0.00255
Exploits: 0 · References: 2 · Affected Software: 1

Vulnrichment
added 2024/02/09 12:32 a.m. · 13 views

CVE-2023-45190 IBM Engineering Lifecycle Optimization HTTP header injection

IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or...

CVSS: 5.1 · AI score: 6.3 · EPSS: 0.00255
Exploits: 0 · References: 2

Cvelist
added 2024/02/09 12:32 a.m. · 29 views

CVE-2023-45190 IBM Engineering Lifecycle Optimization HTTP header injection

IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or...

CVSS: 5.1 · AI score: 6.1 · EPSS: 0.00255
Exploits: 0 · References: 2

Vulnrichment
added 2024/02/09 12:29 a.m. · 12 views

CVE-2023-45187 IBM Engineering Lifecycle Optimization - Publishing session fixation

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 268749...

CVSS: 6.3 · AI score: 6.2 · EPSS: 0.00381
Exploits: 0 · References: 2

CNNVD
added 2024/02/09 12:0 a.m. · 8 views

IBM Engineering Lifecycle Optimization Security Vulnerability

IBM Engineering Lifecycle Optimization ELO is an extension of the Engineering Lifecycle Management ELM portfolio from International Business Machines IBM. They make it easier to collect and analyze data across the development environment to make better decisions. Automate reporting to ensure that...

CVSS: 6.1 · AI score: 6.6 · EPSS: 0.00255
Exploits: 0 · References: 3

CNNVD
added 2024/02/09 12:0 a.m. · 3 views

IBM Engineering Lifecycle Optimization Security Vulnerability

IBM Engineering Lifecycle Optimization ELO is an extension of the Engineering Lifecycle Management ELM portfolio from International Business Machines IBM. They make it easier to collect and analyze data across the development environment to make better decisions. Automate reporting to ensure that...

CVSS: 7.5 · AI score: 6.5 · EPSS: 0.00663
Exploits: 0 · References: 3

CNNVD
added 2024/02/09 12:0 a.m. · 5 views

IBM Engineering Lifecycle Optimization Code Issue Vulnerability

IBM Engineering Lifecycle Optimization ELO is an extension of the Engineering Lifecycle Management ELM portfolio from International Business Machines IBM. They make it easier to collect and analyze data across the development environment to make better decisions. Automate reporting to ensure that...

CVSS: 8.8 · AI score: 6.5 · EPSS: 0.00381
Exploits: 0 · References: 3

Positive Technologies
added 2024/02/08 12:0 a.m. · 4 views

PT-2024-13222 · Ibm · Ibm Engineering Lifecycle Optimization

Name of the Vulnerable Software and Affected Versions: IBM Engineering Lifecycle Optimization versions 7.0.2 through 7.0.3 Description: The issue is related to an inadequate account lockout setting, which could allow a remote attacker to brute force account credentials. This could potentially lea...

CVSS: 7.5 · AI score: 7.3 · EPSS: 0.00663
Exploits: 0 · References: 7

IBM Security Bulletins
added 2024/02/07 8:56 a.m. · 23 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing Does not support Container authentication from 7.0.3

Summary IBM Engineering Lifecycle Optimization - Publishing Does not support Container authentication from 7.0.3 Vulnerability Details CVEID:CVE-2023-45187 DESCRIPTION: IBM Engineering Lifecycle Optimization - Publishing does not invalidate session after logout which could allow an authenticated...

CVSS: 8.8 · AI score: 6 · EPSS: 0.00663
Exploits: 0 · Affected Software: 1

IBM Security Bulletins
added 2024/01/12 5:48 a.m. · 45 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM SDK, Java Technology Edition Quarterly CPU - Oct 2023 - Includes Oracle October 2023 CPU plus are vulnerable to CVE-2023-5676

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed i...

CVSS: 5.9 · AI score: 5.9 · EPSS: 0.00406
Exploits: 0 · Affected Software: 1

IBM Security Bulletins
added 2023/10/11 5:53 a.m. · 44 views

Security Bulletin: An issue was discovered in netplex json-smart which affects IBM Engineering Lifecycle Optimization - Publishing

Summary An issue was discovered in netplex json-smart which affects IBM Engineering Lifecycle Optimization - Publishing. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2021-27568 DESCRIPTION: Netplex json-smart-v1 and json-smart-v2 are vulnerable to a denial of servic...

CVSS: 7.5 · AI score: 6.8 · EPSS: 0.02886
Exploits: 2 · Affected Software: 1