27 matches found
CVE-2024-39726
IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources...
EUVD-2024-38017
Malicious code in bioql PyPI...
CVE-2024-39727
IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 uses a web link with untrusted references to an external site. A remote attacker could exploit this vulnerability to expose sensitive information or perform unauthorized actions on the victims’ web browser...
CVE-2024-39727
IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 uses a web link with untrusted references to an external site. A remote attacker could exploit this vulnerability to expose sensitive information or perform unauthorized actions on the victims’ web browser...
CVE-2024-39727
IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 uses a web link with untrusted references to an external site. A remote attacker could exploit this vulnerability to expose sensitive information or perform unauthorized actions on the victims’ web browser...
CVE-2024-39725
IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system...
CVE-2024-39725 IBM Engineering Lifecycle Optimization - Engineering Insights information disclosure
IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system...
PT-2024-28653 · Ibm · Ibm Engineering Lifecycle Optimization - Engineering Insights
Name of the Vulnerable Software and Affected Versions: IBM Engineering Lifecycle Optimization - Engineering Insights versions 7.0.2 through 7.0.3 Description: The issue concerns the use of a web link with untrusted references to an external site, which could allow a remote attacker to expose...
IBM Engineering Lifecycle Optimization 安全漏洞
IBM Engineering Lifecycle Optimization - Engineering Insights ENI is a collaborative, Web-based application from IBM. An information disclosure vulnerability exists in IBM Engineering Lifecycle Optimization - Engineering Insights. The vulnerability is due to the fact that the affected version cou...
Security Bulletin: IBM Engineering Lifecycle Optimization - Engineering Insights uses a web link with untrusted references to an external site.
Summary IBM Engineering Lifecycle Optimization - Engineering Insights uses a web link with untrusted references to an external site. A remote attacker could exploit this vulnerability to expose sensitive information or perform unauthorized actions on the victims' web browser. The web application...
CVE-2024-39726
IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources...
CVE-2024-39726
IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources...
CVE-2024-39726 IBM Engineering Insights XML external entity injection
IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources...
CVE-2024-39726
Summary: IBM Engineering Lifecycle Optimization – Engineering Insights vulnerable to XML External Entity Injection (XXE). Affected: DOORS Next/ENI components 7.0.2 and 7.0.3 (and 7.1.0 per bulletin) processing XML data. Root cause: improper handling of XML entities leading to potential data expos...
CVE-2024-39726 IBM Engineering Insights XML external entity injection
IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources...
Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM SDK, Java Technology Edition Quarterly CPU - Jul 2024 are affected by multiple vulnerabilities
Summary This bulletin for IBM SDK, Java Technology Edition covers all applicable Java SE CVEs published by Oracle as part of their July 2024 Critical Patch Update, plus CVE-2024-27267. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed i...
Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM SDK, Java Technology Edition Quarterly CPU - Oct 2023 - Includes Oracle October 2023 CPU plus are vulnerable to CVE-2023-5676
Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed i...
Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM Java XML vulnerability CVE-2022-21426, deferred from Oracle Apr 2022 CPU - CVE-2022-21426
Summary A flaw in the XML component may lead to excessive memory consumption when compiling certain XPath expressions, which may in turn allow an attacker to inflict a denial-of-service. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed...
Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM® SDK, Java™ Technology Edition is affected by CVE-2021-35603
Summary There are security vulnerabilities that are addressed in the IBM® SDK Java Technology Edition 8.0.7.5. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: IBM Common Licensing, Rational Engineering Lifecycle...
Security Bulletin: The IBM® Engineering Lifecycle Management products recommendation for IBM Java XML vulnerability CVE-2022-21299
Summary A flaw in the XML component allows attackers to inflict a denial-of-service and/or access external entities which should be inaccessible. Vulnerability is identified in Java versions 7.0.11.5 and earlier, 7.1.5.5 and earlier, 8.0.7.5 and earlier. Vulnerability Details Refer to the securit...