151 matches found
CVE-2023-45190
IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or...
CVE-2023-45191
IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 268755...
Code injection
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 268749...
Code injection
IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 268755...
Cross site scripting
IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or...
CVE-2023-45191 IBM Engineering Lifecycle Optimization information disclosure
IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 268755...
CVE-2023-45190 IBM Engineering Lifecycle Optimization HTTP header injection
IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or...
CVE-2023-45190
CVE-2023-45190 affects IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3. The issue is HTTP header injection caused by improper validation of HOST headers, which can enable cross-site scripting, cache poisoning, or session hijacking. Public details consistently cite this vulnerability with t...
CVE-2023-45190 IBM Engineering Lifecycle Optimization HTTP header injection
IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or...
CVE-2023-45187 IBM Engineering Lifecycle Optimization - Publishing session fixation
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 268749...
IBM Engineering Lifecycle Optimization Code Issue Vulnerability
IBM Engineering Lifecycle Optimization (ELO) is an extension of the Engineering Lifecycle Management (ELM) portfolio from International Business Machines (IBM). They make it easier to collect and analyze data across the development environment to make better decisions. Automate reporting to ensure that...
IBM Engineering Lifecycle Optimization Security Vulnerability
IBM Engineering Lifecycle Optimization (ELO) is an extension of the Engineering Lifecycle Management (ELM) portfolio from International Business Machines (IBM). They make it easier to collect and analyze data across the development environment to make better decisions. Automate reporting to ensure that...
PT-2024-13222 · Ibm · Ibm Engineering Lifecycle Optimization
Name of the Vulnerable Software and Affected Versions: IBM Engineering Lifecycle Optimization versions 7.0.2 through 7.0.3 Description: The issue is related to an inadequate account lockout setting, which could allow a remote attacker to brute force account credentials. This could potentially lea...
Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing Does not support Container authentication from 7.0.3
Summary IBM Engineering Lifecycle Optimization - Publishing Does not support Container authentication from 7.0.3 Vulnerability Details CVEID:CVE-2023-45187 DESCRIPTION: IBM Engineering Lifecycle Optimization - Publishing does not invalidate session after logout which could allow an authenticated...
Security Bulletin: An issue was discovered in netplex json-smart which affects IBM Engineering Lifecycle Optimization - Publishing
Summary An issue was discovered in netplex json-smart which affects IBM Engineering Lifecycle Optimization - Publishing. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2021-27568 DESCRIPTION: Netplex json-smart-v1 and json-smart-v2 are vulnerable to a denial of servic...
Security Bulletin: Vulnerability in Apache Xerces2 Java XML Parser affect IBM Engineering Lifecycle Optimization - Publishing
Summary Vulnerability in Apache Xerces2 Java XML Parser affect IBM Engineering Lifecycle Optimization - Publishing Vulnerability Details CVEID:CVE-2022-23437 DESCRIPTION: Apache Xerces2 Java XML Parser is vulnerable to a denial of service, caused by an infinite loop in the XML parser. By persuadi...
Security Bulletin: Vulnerability in jna-platform library affects IBM Engineering Lifecycle Optimization - Publishing
Summary This security vulnerability has been addressed in IBM Engineering Lifecycle Optimization - Publishing newer releases Vulnerability Details IBM X-Force ID: 240628 DESCRIPTION: Java Native Access (JNA) is vulnerable to a denial of service, caused by an out-of-bounds read flaw in the...
Security Bulletin: Multiple vulnerabilities identified in jQuery-UI affects IBM Engineering Lifecycle Optimization - Publishing
Summary This Security Bulletin addresses security vulnerabilities with JQuery that have been remediated in latest iFixes of IBM Engineering Lifecycle Optimization - Publishing Vulnerability Details CVEID:CVE-2021-41184 DESCRIPTION: jQuery jQuery-UI is vulnerable to cross-site scripting, caused by...
Security Bulletin: Vulnerability in commons-codec-1.8.jar have affected IBM Engineering Lifecycle Optimization - Publishing
Summary This security bulletin addresses security vulnerabilities with Apache Commons Codec that have been remediated in latest iFixes of IBM Engineering Lifecycle Optimization - Publishing Vulnerability Details IBM X-Force ID: 177835 DESCRIPTION: Apache Commons Codec could allow a remote attacke...
Security Bulletin: Multiple Vulnerabilities in Apache HttpClient, HttpComponents and HttpCommons affect IBM Engineering Lifecycle Optimization - Publishing
Summary There are multiple vulnerabilities in Apache HttpClient, HttpComponents and HttpCommons libraries. This has been addressed. Vulnerability Details CVEID:CVE-2015-5262 DESCRIPTION: Apache Commons is vulnerable to a denial of service, caused by the failure to apply a configured connection...