Lucene search
+L

249 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2023/07/10 6:21 a.m.32 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server Liberty is vulnerable to GraphQL - CVE-2023-28867

Summary Vulnerability in the GraphQL Java library used by IBM WebSphere Application Server Liberty when the feature mpGraphQL-1.0 or mpGraphQL-2.0 is enabled. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: Jazz...

7.5CVSS7.4AI score0.01051EPSS
Exploits0Affected Software1
Prion
Prion
added 2023/07/05 10:15 p.m.20 views

Type confusion

Kiwi TCMS, an open source test management system allows users to upload attachments to test plans, test cases, etc. Versions of Kiwi TCMS prior to 12.5 had introduced changes which were meant to serve all uploaded files as plain text in order to prevent browsers from executing potentially dangero...

4.9CVSS5.4AI score0.00692EPSS
Exploits1References6Affected Software1
CVE
CVE
added 2023/07/05 9:2 p.m.48 views

CVE-2023-36809

Kiwi TCMS prior to version 12.5 is impacted by a stored XSS issue tied to how uploaded attachments (test plans, test cases, etc.) are served. The root cause involved an earlier attempt to treat all uploaded files as plain text to prevent script execution, but some browsers (e.g., Firefox) could i...

8.1CVSS6.6AI score0.00692EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2023/06/06 7:15 p.m.63 views

CVE-2023-33977

Kiwi TCMS is an open source test management system for both manual and automated testing. Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced upload validators in order to prevent potentially dangerous files from being uploaded...

8.1CVSS8.1AI score0.0087EPSS
Exploits1References5
Prion
Prion
added 2023/06/06 7:15 p.m.16 views

Cross site scripting

Kiwi TCMS is an open source test management system for both manual and automated testing. Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced upload validators in order to prevent potentially dangerous files from being uploaded...

4.9CVSS5.6AI score0.0087EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2023/06/06 6:3 p.m.82 views

CVE-2023-33977

Kiwi TCMS is affected by CVE-2023-33977 (stored XSS via unrestricted file upload) in versions prior to 12.4. The root cause is incomplete upload validation that can permit uploading potentially dangerous files, enabling arbitrary JavaScript execution in the browser. An additional issue involves N...

8.1CVSS6.8AI score0.0087EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2023/05/27 3:58 a.m.70 views

CVE-2023-32686

Kiwi TCMS before version 12.3 was vulnerable to stored XSS via unrestricted file uploads. Weak upload validators allowed crafted file combinations to bypass Content-Security-Policy, enabling arbitrary JavaScript execution in the browser. The issue is patched in version 12.3. Remediation: upgrade ...

8.1CVSS6.7AI score0.00431EPSS
Exploits0References2Affected Software1
vulnersOsv
vulnersOsv
added 2023/05/16 6:30 p.m.6 views

com.btc.ep:btc-embeddedplatform (>=2.5.8 <=2.5.9), org.jenkins-ci.plugins:qmetry-for-jira-test-management (>=1.11 <=1.26) potentially affected by CVE-2023-32981 via org.jenkins-ci.plugins:pipeline-utility-steps (=1.1.1)

org.jenkins-ci.plugins:pipeline-utility-steps MAVEN version =1.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:pipeline-utility-steps and may be impacted: - com.btc.ep:btc-embeddedplatform =2.5.8, =1.11, =1.26 Source cves:...

8.8CVSS7.2AI score0.01016EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/02 7:50 a.m.25 views

Security Bulletin: IBM Engineering Test Management is vulnerable to denial of service due to XStream (CVE-2021-43859)

Summary This Security Vulnerablity has been addressed in IBM Engineering Test Management. A fix is available to address the vulnerability. Vulnerability Details CVEID:CVE-2021-43859 DESCRIPTION: XStream is vulnerable to a denial of service, caused by improper input validation. By injecting highly...

7.5CVSS7.3AI score0.07659EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/02 7:45 a.m.39 views

Security Bulletin: Vulnerabilities in batik-all library affects IBM Engineering Test Management (ETM) (CVE-2022-38648, CVE-2022-40146, CVE-2022)

Summary This Security Vulnerablity has been addressed in IBM Engineering Test Management in newer releases Vulnerability Details CVEID:CVE-2022-38648 DESCRIPTION: Apache Batik is vulnerable to server-side request forgery, caused by a flaw when calling the fop function. By sending a...

7.5CVSS6.1AI score0.05791EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/02 7:44 a.m.35 views

Security Bulletin: Vulnerabilities in batik-all library affects IBM Engineering Test Management (ETM) (CVE-2022-38648, CVE-2022-40146, CVE-2022)

Summary This Security Vulnerablity has been addressed in IBM Engineering Test Management in newer releases Vulnerability Details CVEID:CVE-2022-38648 DESCRIPTION: Apache Batik is vulnerable to server-side request forgery, caused by a flaw when calling the fop function. By sending a...

7.5CVSS6.1AI score0.05791EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/02 7:43 a.m.28 views

Security Bulletin: Vulnerabilities in jna-platform library affects IBM Engineering Test Management (ETM)

Summary This Security Vulnerablity has been addressed in IBM Engineering Test Management in newer releases Vulnerability Details IBM X-Force ID: 240628 DESCRIPTION: Java Native Access JNA is vulnerable to a denial of service, caused by an out-of-bounds read flaw in the...

6.8AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/02 7:42 a.m.18 views

Security Bulletin: Vulnerabilities in jdom affects IBM Engineering Test Management (ETM) (CVE-2021-33813)

Summary This Security Vulnerablity has been addressed in IBM Engineering Test Management. An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request . A fix is available to address the vulnerability. Vulnerability Details...

7.5CVSS7.4AI score0.19442EPSS
Exploits1Affected Software1
Prion
Prion
added 2023/04/24 10:15 p.m.21 views

Command injection

Kiwi TCMS is an open source test management system. In kiwitcms/Kiwi v12.2 and prior and kiwitcms/enterprise v12.2 and prior, the changelog.yml workflow is vulnerable to command injection attacks because of using an untrusted github.headref field. The github.headref value is an attacker-controlle...

6.5CVSS9.1AI score0.03596EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2023/04/24 4:29 p.m.60 views

CVE-2023-30613

Kiwi TCMS before version 12.2 allowed arbitrary file uploads because there was no validation of upload file types. This allowed attackers to upload potentially executable files (.exe) or files containing [removed] tags that could trigger XSS, leading to code execution on users’ machines. Version ...

9CVSS8.7AI score0.01024EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2023/04/24 4:26 p.m.28 views

CVE-2023-30544 Kiwi TCMS may allow user to update email address to unverified one

Kiwi TCMS is an open source test management system. In versions of Kiwi TCMS prior to 12.2, users were able to update their email addresses via the My profile admin page. This page allowed them to change the email address registered with their account without the ownership verification performed...

3.9CVSS4.7AI score0.00419EPSS
Exploits0References6
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/24 12:51 p.m.23 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server Liberty is vulnerable to a privilege escalation - CVE-2023-0482

Summary IBM WebSphere Application Server Liberty is vulnerable to a privilege escalation due to RESTEasy. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: Jazz Foundation, IBM Engineering Workflow Management, IBM...

5.5CVSS5.8AI score0.00819EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/14 10:36 a.m.36 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM Java XML vulnerability CVE-2022-21426, deferred from Oracle Apr 2022 CPU - CVE-2022-21426

Summary A flaw in the XML component may lead to excessive memory consumption when compiling certain XPath expressions, which may in turn allow an attacker to inflict a denial-of-service. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed...

5.3CVSS6.6AI score0.03203EPSS
Exploits0Affected Software1
OSV
OSV
added 2023/03/29 6:30 p.m.32 views

CVE-2023-27489 Stored cross site scripting via SVG file upload in Kiwi TCMS

Kiwi TCMS is an open source test management system for both manual and automated testing. Kiwi TCMS accepts SVG files uploaded by users which could potentially contain JavaScript code. If SVG images are viewed directly, i.e. not rendered in an HTML page, this JavaScript code could execute. This...

7.6CVSS6.1AI score0.00485EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:8 a.m.7 views

SUSE CVE-2019-16544

Jenkins QMetry for JIRA - Test Management Plugin 1.12 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

8.8CVSS8.4AI score0.00833EPSS
Exploits0References3
Rows per page
Query Builder