Security Bulletin: IBM Engineering Test Management bundles IBM WebSphere Application Server which could provide weaker than expected security.

Summary IBM WebSphere Application Server shipped with IBM Engineering Test Management could provide weaker than expected security for TLS connections CVE-2025-33142. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affect...

CVE-2025-2139

IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete reviews from other users due to client-side enforcement of server-side security...

CVE-2025-2139 IBM Engineering Requirements Management Doors Next security bypass

IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete reviews from other users due to client-side enforcement of server-side security...

CVE-2025-2140 IBM Engineering Requirements Management Doors Next spoofing

IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to spoof email identity of the sender due to improper verification of source data...

EUVD-2024-54848

Malicious code in bioql PyPI...

CVE-2025-53609

A Relative Path Traversal vulnerability CWE-23 in FortiWeb 7.6.0 through 7.6.4, 7.4.0 through 7.4.8, 7.2.0 through 7.2.11, 7.0.2 through 7.0.11 may allow an authenticated attacker to perform an arbitrary file read on the underlying system via crafted requests...

IBM Jazz Foundation 跨站脚本漏洞

IBM Jazz Foundation is a next-generation collaboration platform for software delivery technologies from International Business Machines IBM. A cross-site scripting vulnerability exists in IBM Jazz Foundation versions 7.0.2 iFix033 and earlier, 7.0.3 iFix012 and earlier, and 7.1.0 iFix002 and...

PT-2025-35945

Name of the Vulnerable Software and Affected Versions IBM Jazz Foundation versions 7.0.2 through 7.0.2 iFix033 IBM Jazz Foundation versions 7.0.3 through 7.0.3 iFix012 IBM Jazz Foundation versions 7.1.0 through 7.1.0 iFix002 Description An authenticated user may be able to upload files to the...

PT-2025-34545

Name of the Vulnerable Software and Affected Versions: IBM Jazz Foundation versions 7.0.2 through 7.0.2 iFix035 IBM Jazz Foundation versions 7.0.3 through 7.0.3 iFix018 IBM Jazz Foundation versions 7.1.0 through 7.1.0 iFix004 Description: The vulnerability allows an unauthenticated remote attacke...

IBM Engineering Lifecycle Optimization Publishing 安全漏洞

IBM Engineering Lifecycle Optimization Publishing is an automated document generation solution from International Business Machines IBM. A cross-site scripting vulnerability exists in IBM Engineering Lifecycle Optimization Publishing versions 7.0.2 and 7.03 that originates from an unvalidated URI...

IBM Engineering Requirements Management DOORS Next 安全漏洞

IBM Engineering Requirements Management DOORS Next is a scalable solution from International Business Machines IBM. The solution helps you capture, track, analyze, and manage systems and advanced IT application development. A security vulnerability exists in IBM Engineering Requirements Managemen...

IBM Jazz Foundation 安全漏洞

IBM Jazz Foundation is a next-generation collaboration platform for software delivery technology from International Business Machines IBM. A security vulnerability exists in IBM Jazz Foundation versions 7.0.2, 7.0.3, and 7.1.0. An attacker exploiting the vulnerability could gain access to sensiti...

IBM Jazz Foundation 安全漏洞

IBM Jazz Foundation is a next-generation collaboration platform for software delivery technology from International Business Machines IBM. A security vulnerability exists in IBM Jazz Foundation versions 7.0.2, 7.0.3, and 7.1.0. An attacker could exploit the vulnerability to obtain sensitive...

PT-2025-1094 · Ibm · Ibm Jazz Foundation

Name of the Vulnerable Software and Affected Versions: IBM Jazz Foundation versions 7.0.2 through 7.1.0 Description: The issue is related to inadequate access control to personal information, allowing an attacker to disclose protected information. Specifically, passwords are not masked during...

IBM Jazz Foundation 安全漏洞

IBM Jazz Foundation is a next-generation collaboration platform for software delivery technology from International Business Machines IBM. An Access Control Error vulnerability exists in IBM Jazz Foundation versions 7.0.2 and 7.0.3 that stems from improper access control and can be exploited by a...

CVE-2024-39726 IBM Engineering Insights XML external entity injection

IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources...

Security Bulletin: IBM Global Configuration Management - Vulnerable to archiving a global baseline by an authenticated user having improper access controls

Summary IBM Global Configuration Management is vulnerable to archiving a global baseline by an authenticated user having improper access controls/permissions. This bulletin contains information regarding the vulnerability and remediation actions. Vulnerability Details CVEID:CVE-2024-41773...

SUSE CVE-2022-38150

In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cause the Varnish Server to assert and automatically restart through forged HTTP/1 backend responses. An attack uses a crafted reason phrase of the backend response status line. This is fixed in 7.0.3 and 7.1.1...

IBM Engineering Lifecycle Optimization 安全漏洞

IBM Engineering Lifecycle Optimization ELO is an extension of the Engineering Lifecycle Management ELM portfolio from IBM America. They make it easier to collect and analyze data across the development environment to make better decisions. Automate reporting to ensure the entire organization has...

CVE-2021-38124

Remote Code Execution vulnerability in Micro Focus ArcSight Enterprise Security Manager ESM product, affecting versions 7.0.2 through 7.5. The vulnerability could be exploited resulting in remote code execution...