151 matches found
CVE-2024-41763
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...
CVE-2024-41765
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...
CVE-2024-41763
IBM Engineering Lifecycle Optimization Publishing versions 7.0.2 and 7.0.3 are affected by a cryptographic weakness that could allow an attacker to decrypt highly sensitive information. The issue stems from weaker-than-expected cryptographic algorithms used in PUB, as described in multiple connec...
CVE-2024-41763 IBM Engineering Lifecycle Optimization - Publishing information disclosure
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...
CVE-2024-41763 IBM Engineering Lifecycle Optimization - Publishing information disclosure
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...
CVE-2024-41766
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 are affected by CVE-2024-41766. A remote attacker can cause a denial of service by supplying a complex regular expression, leading to high availability impact. Affected products and versions: PUB 7.0.2 and 7.0.3. Root cause: inef...
CVE-2024-41766 IBM Engineering Lifecycle Optimization - Publishing denial of service
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause a denial of service using a complex regular expression...
CVE-2024-41766 IBM Engineering Lifecycle Optimization - Publishing denial of service
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause a denial of service using a complex regular expression...
CVE-2024-41765
CVE-2024-41765 affects IBM Engineering Lifecycle Optimization - Publishing (PUB) versions 7.0.2 and 7.0.3. A path traversal vulnerability allows remote attackers to view arbitrary files by sending specially crafted URLs containing dot-dot sequences (/../). IBM’s bulletin specifies CWE-22 (Path Tr...
CVE-2024-41765 IBM Engineering Lifecycle Optimization - Publishing directory traversal
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...
CVE-2024-41765 IBM Engineering Lifecycle Optimization - Publishing directory traversal
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...
CVE-2024-41767
CVE-2024-41767 affects IBM Engineering Lifecycle Optimization - Publishing versions 7.0.2 and 7.0.3. The issue is a SQL injection in the component that constructs SQL commands from externally-controlled input, enabling a remote attacker to view, add, modify, or delete records in the back-end data...
CVE-2024-41767 IBM Engineering Lifecycle Optimization - Publishing SQL injection
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...
CVE-2024-41768
CVE-2024-41768 affects IBM Engineering Lifecycle Optimization - Publishing, versions 7.0.2 and 7.0.3. The root cause is improper SSL/TLS error handling that can cause an unhandled SSL exception, leaving a connection in an unexpected or insecure state. Public references confirm affected products/v...
CVE-2024-41768 IBM Engineering Lifecycle Optimization - Publishing unhandled SLL exception
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause an unhandled SSL exception which could leave the connection in an unexpected or insecure state...
CVE-2024-41768 IBM Engineering Lifecycle Optimization - Publishing unhandled SLL exception
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause an unhandled SSL exception which could leave the connection in an unexpected or insecure state...
IBM Engineering Lifecycle Optimization 安全漏洞
IBM Engineering Lifecycle Optimization ELO is an extension of the Engineering Lifecycle Management ELM portfolio from International Business Machines IBM. They make it easier to collect and analyze data across the development environment to make better decisions. Automate reporting to ensure that...
IBM Engineering Lifecycle Optimization 安全漏洞
IBM Engineering Lifecycle Optimization ELO is an extension of the Engineering Lifecycle Management ELM portfolio from International Business Machines IBM. They make it easier to collect and analyze data across the development environment to make better decisions. Automate reporting to ensure that...
IBM Engineering Lifecycle Optimization 路径遍历漏洞
IBM Engineering Lifecycle Optimization ELO is an extension of the Engineering Lifecycle Management ELM portfolio from International Business Machines IBM. They make it easier to collect and analyze data across the development environment to make better decisions. Automate reporting to ensure that...
Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing could allow a remote attacker to cause a denial of service using a complex regular expression.
Summary Regular expressions are a formal language for identifying strings of text, parsing, and matching them. Most regular expressions engines are built over a non-deterministic Finite Automaton NFA. They use backtracking and, while these regular expression engines can quickly confirm a positive...