159 matches found
Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing (PUB) jQuery Vulnerability
Summary IBM Engineering Lifecycle Optimization - Publishing jQuery and jQuery.min found vulnerable Vulnerability Details CVEID:CVE-2020-11022 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the jQuery.htmlPrefilter method. A remot...
CVE-2023-45191
IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 268755...
CVE-2023-45190
IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or...
CVE-2023-45190
IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or...
CVE-2023-45187
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 268749...
Code injection
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 268749...
Code injection
IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 268755...
Cross site scripting
IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or...
CVE-2023-45191 IBM Engineering Lifecycle Optimization information disclosure
IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 268755...
CVE-2023-45190
CVE-2023-45190 affects IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3. The issue is HTTP header injection caused by improper validation of HOST headers, which can enable cross-site scripting, cache poisoning, or session hijacking. Public details consistently cite this vulnerability with t...
CVE-2023-45190 IBM Engineering Lifecycle Optimization HTTP header injection
IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or...
CVE-2023-45190 IBM Engineering Lifecycle Optimization HTTP header injection
IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or...
CVE-2023-45187 IBM Engineering Lifecycle Optimization - Publishing session fixation
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 268749...
IBM Engineering Lifecycle Optimization Security Vulnerability
IBM Engineering Lifecycle Optimization ELO is an extension of the Engineering Lifecycle Management ELM portfolio from International Business Machines IBM. They make it easier to collect and analyze data across the development environment to make better decisions. Automate reporting to ensure that...
IBM Engineering Lifecycle Optimization Security Vulnerability
IBM Engineering Lifecycle Optimization ELO is an extension of the Engineering Lifecycle Management ELM portfolio from International Business Machines IBM. They make it easier to collect and analyze data across the development environment to make better decisions. Automate reporting to ensure that...
IBM Engineering Lifecycle Optimization Code Issue Vulnerability
IBM Engineering Lifecycle Optimization ELO is an extension of the Engineering Lifecycle Management ELM portfolio from International Business Machines IBM. They make it easier to collect and analyze data across the development environment to make better decisions. Automate reporting to ensure that...
PT-2024-13222 · Ibm · Ibm Engineering Lifecycle Optimization
Name of the Vulnerable Software and Affected Versions: IBM Engineering Lifecycle Optimization versions 7.0.2 through 7.0.3 Description: The issue is related to an inadequate account lockout setting, which could allow a remote attacker to brute force account credentials. This could potentially lea...
Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing Does not support Container authentication from 7.0.3
Summary IBM Engineering Lifecycle Optimization - Publishing Does not support Container authentication from 7.0.3 Vulnerability Details CVEID:CVE-2023-45187 DESCRIPTION: IBM Engineering Lifecycle Optimization - Publishing does not invalidate session after logout which could allow an authenticated...
Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM SDK, Java Technology Edition Quarterly CPU - Oct 2023 - Includes Oracle October 2023 CPU plus are vulnerable to CVE-2023-5676
Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed i...
Security Bulletin: An issue was discovered in netplex json-smart which affects IBM Engineering Lifecycle Optimization - Publishing
Summary An issue was discovered in netplex json-smart which affect affect IBM Engineering Lifecycle Optimization - Publishing. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2021-27568 DESCRIPTION: Netplex json-smart-v1 and json-smart-v2 are vulnerable to a denial of servic...