9 matches found
EUVD-2024-42721
Malicious code in bioql PyPI...
Announcing TruRisk™ 2.0: Unleashing Next-Level Precision in Cyber Risk Management
In cybersecurity, quantifying risk with precision is essential for robust security posture management. At Qualys, we continuously refine our methodologies to meet and exceed the evolving demands of vulnerability management and risk management. In October 2024, the launch of Qualys Enterprise...
Security Bulletin: Vulnerabilities in Commons Codec library affects IBM Engineering Test Management (ETM) (IBM X-Force ID:177835)
Summary This Security Vulnerability has been addressed in IBM Engineering Test Management. A fix is available to address the vulnerability. Vulnerability Details IBM X-Force ID: 177835 DESCRIPTION: Apache Commons Codec could allow a remote attacker to obtain sensitive information, caused by the...
Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server traditional is vulnerable to a denial of service due to Apache Commons FileUpload - CVE-2023-24998
Summary IBM WebSphere Application Server traditional is vulnerable to a denial of service due to Apache Commons FileUpload. Following IBM® Engineering Lifecycle Engineering product is vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Test Management Vulnerability...
Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server is vulnerable to cross-site scripting in the Admin Console - CVE-2023-26283
Summary IBM WebSphere Application Server is vulnerable to cross-site scripting in the Admin Console. An attacker can manipulate the admin console help link to execute javascript. Following IBM® Engineering Lifecycle Engineering product is vulnerable to this attack, it has been addressed in this...
Security Bulletin: The IBM® SDK Java Technology Edition 8.0.7.5 contains additional security fixes that can be applied to IBM Continuous Engineering products based on IBM Jazz Technology
Summary There are security vulnerabilities that are addressed in the IBM® SDK Java Technology Edition 8.0.7.5. The following products: IBM Jazz Team Server affecting the following IBM Jazz Team Server based Applications: Collaborative Lifecycle Management CLM, Engineering Lifecycle Management ELM...
Security Bulletin: IBM Engineering Test Management is vulnerable to execute arbitrary commands on system due to XStream (CVE-2021-29505).
Summary IBM Engineering Test Management is vulnerable to remote attacker to execute arbitrary commands on the system, caused by improper input validation. By manipulating the processed input stream, an attacker could exploit this vulnerability to execute arbitrary commands on the system...
Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server and WebSphere Application Server Liberty affects IBM Engineering ELM products on IBM Jazz technology.
Summary There are multiple vulnerabilities in IBM WebSphere Application Server and WebSphere Application Server Liberty that affect IBM Engineering Products based on IBM Jazz technology. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Product...
Security Bulletin: Multiple vulnerabilities affects IBM Jazz Foundation and IBM Engineering products.
Summary There are multiple vulnerabilities that are used by IBM Jazz Team Server affecting the following IBM Jazz Team Server based Applications: Engineering Lifecycle Management ELM, IBM Engineering Requirements Management DOORS Next DOORS Next, IBM Engineering Lifecycle Optimization - Engineeri...