Lucene search
K

151 matches found

Prion
Prion
added 2022/07/14 5:15 p.m.15 views

Cross site scripting

IBM Engineering Lifecycle Optimization - Publishing 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

4.9CVSS5.2AI score0.00421EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/07/14 5:15 p.m.13 views

Improper access control

IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to upload arbitrary files, caused by improper access controls. IBM X-Force ID: 213725...

4CVSS6.4AI score0.00773EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/07/14 4:15 p.m.20 views

CVE-2021-39028

IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site...

5.4CVSS5.5AI score0.00421EPSS
Exploits0References2
CVE
CVE
added 2022/07/14 4:15 p.m.67 views

CVE-2021-39018

IBM Engineering Lifecycle Optimization - Publishing (Document Builder) contains a SQL injection-related information disclosure (CVE-2021-39018) affecting PUB 7.0, 7.0.1, 7.0.2 and RPE 6.0.6, 6.0.6.1. The root cause is missing UI validation in the Folder Name field, allowing sensitive data to be d...

4.3CVSS4.5AI score0.00547EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2022/07/14 4:15 p.m.20 views

CVE-2021-39018

IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose sensitive information in a SQL error message that could aid in further attacks against the system. IBM X-Force ID: 213726...

4.3CVSS4.7AI score0.00547EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/07/14 4:15 p.m.21 views

CVE-2021-39016

IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the software to transmit more traffic than should be allowed for that actor. IBM X-Force ID: 213722...

4.3CVSS4.7AI score0.00496EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/07/14 4:15 p.m.19 views

CVE-2021-39015

IBM Engineering Lifecycle Optimization - Publishing 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

5.4CVSS5.3AI score0.00421EPSS
Exploits0References2
CVE
CVE
added 2022/07/14 4:15 p.m.71 views

CVE-2021-39015

IBM Engineering Lifecycle Optimization - Publishing is affected by CVE-2021-39015. The vulnerability is a cross-site scripting flaw in IBM Publishing 7.0, 7.0.1, and 7.0.2 caused by lack of data checksum filtering/output of user-supplied data, allowing arbitrary JavaScript in the Web UI and poten...

5.4CVSS5.2AI score0.00421EPSS
Exploits0References2Affected Software2
CNNVD
CNNVD
added 2022/07/14 12:0 a.m.3 views

IBM Engineering Lifecycle Optimization 安全漏洞

IBM Engineering Lifecycle Optimization ELO is an extension of the Engineering Lifecycle Management ELM portfolio from International Business Machines IBM. They make it easier to collect and analyze data across the development environment to make better decisions. Automate reporting to ensure the...

6.5CVSS6.3AI score0.00773EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/07/14 12:0 a.m.4 views

IBM Engineering Lifecycle Optimization 跨站脚本漏洞

IBM Engineering Lifecycle Optimization ELO is an extension of the Engineering Lifecycle Management ELM portfolio from IBM America. They make it easier to collect and analyze data across the development environment to make better decisions. Automate reporting to ensure that the entire organization...

5.4CVSS5.6AI score0.00421EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/07/14 12:0 a.m.2 views

IBM Engineering Lifecycle Optimization 安全漏洞

IBM Engineering Lifecycle Optimization ELO is an extension of the Engineering Lifecycle Management ELM portfolio from IBM America. They make it easier to collect and analyze data across the development environment to make better decisions. Automate reporting to ensure that the entire organization...

4.3CVSS5.1AI score0.00496EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/07/14 12:0 a.m.4 views

IBM Engineering Lifecycle Optimization 注入漏洞

IBM Engineering Lifecycle Optimization ELO is an extension of the Engineering Lifecycle Management ELM portfolio from IBM America. They make it easier to collect and analyze data across the development environment to make better decisions. Automate reporting to ensure the entire organization has...

5.4CVSS5.5AI score0.00421EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/13 9:4 a.m.27 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing is vulnerable to disclose highly sensitive information (CVE-2021-39019)

Summary IBM Engineering Lifecycle Optimization - Publishing Document Builder uses the POST method to submit passwords but can be forced to use the GET method also. Highly sensitive information can be disclosed through an HTTP GET request to an authenticated userCVE-2021-39019 Vulnerability Detail...

6.5CVSS0.1AI score0.00705EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/13 8:20 a.m.34 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing is vulnerable to Host Header Injection (CVE-2021-39028)

Summary IBM Engineering Lifecycle Optimization - Publishing is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. CVE-2021-39028. Vulnerability Details CVEID: CVE-2021-39028 DESCRIPTION: IBM Engineering Lifecycle Optimization - Publishing is vulnerabl...

5.4CVSS0.9AI score0.00421EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/13 8:16 a.m.23 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing Document Builder is vulnerable to SQLinjection (CVE-2021-39018)

Summary UI validation to Folder Name field is missing in IBM Engineering Lifecycle Optimization - Publishing Document Builder, resulting in display of SQL error to UI. This indicates the presence of SQL injection vulnerability. CVE-2021-39018 Vulnerability Details CVEID: CVE-2021-39018 DESCRIPTIO...

4.3CVSS0.5AI score0.00547EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/13 8:13 a.m.37 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing is vulnerable to Malicious File Upload (CVE-2021-39017)

Summary In IBM Engineering Lifecycle Optimization - Publishing, there are no file extension and content-type checks in place which helps an attacker to upload a malicious file of their choice. CVE-2021-39017 Vulnerability Details CVEID: CVE-2021-39017 DESCRIPTION: IBM Engineering Lifecycle...

6.5CVSS1.1AI score0.00773EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/13 7:54 a.m.38 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing is vulnerable to External Service Interaction (CVE-2021-39016)

Summary In IBM Engineering Lifecycle Optimization - Publishing, it is possible to induce the application to perform server-side HTTP and HTTPS requests to arbitrary domains. CVE-2021-39016. Vulnerability Details CVEID: CVE-2021-39016 DESCRIPTION: IBM Engineering Lifecycle Optimization - Publishin...

4.3CVSS0.8AI score0.00496EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/13 8:44 p.m.59 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44832, CVE-2021-45046, ) and denial of service due to Apache Log4j (CVE-2021-45105)

Summary There are Remote Attack Vulnerabilities in Apache Log4j CVE-2021-44832, CVE-2021-45046, CVE-2021-45105 which is used by IBM Engineering Lifecycle Optimization - Publishing PUB and Rational Publishing Engine RPE Knowledge Center for logging . The fix includes upgrade to Apache Log4j v2.17....

10CVSS1AI score0.99999EPSS
Exploits357Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/11 5:38 p.m.111 views

Security Bulletin: A Remote Attack Vulnerability in Apache Log4j affects Engineering Lifecycle Management and IBM Engineering products

Summary There is a high risk Remote Attack Vulnerability in Apache Log4j CVE-2021-44228 which is used by IBM Jazz Team Server affecting the following IBM Jazz Team Server based Applications: Engineering Lifecycle Management ELM, IBM Engineering Workflow Management EWM, IBM Engineering Systems...

10CVSS0.9AI score0.99999EPSS
Exploits351Affected Software9
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/04 4:49 p.m.35 views

Security Bulletin: A Remote Attack Vulnerability in Apache Log4j affects IBM Engineering Lifecycle Optimization - Integration Adapters Tasktop Edition and Tasktop Sync

Summary No action is required for Tasktop Viz or Tasktop Sync or IBM Engineering Lifecycle Optimization - Integration Adapters Tasktop Edition as they were not impacted by this vulnerability. Sync or IBM LIA is using Log4J 1.2.15, which is very old and not subject to the Log4J vulnerability. The...

10CVSS1.4AI score0.99999EPSS
Exploits351Affected Software1
Rows per page
Query Builder