Lucene search
K

37 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/03/25 12:17 p.m.7 views

Security Bulletin: IBM Engineering Test Management is affected by IBM WebSphere Application Server and Liberty are affected by SMTP injection(CVE-2025-7962)

Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by an SMTP injection vulnerability in the Jakarta Mail library. Following IBM® Engineering Lifecycle Management products are vulnerable to this attack, and addressed in this bulletin: IBM...

7.5CVSS6.7AI score0.00756EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2021-25371

Malware in sbrugna...

5.4CVSS5.5AI score0.00391EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-47475

Malicious code in bioql PyPI...

6.4CVSS6.5AI score0.00303EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/30 7:21 a.m.12 views

Security Bulletin: The IBM® Engineering Lifecycle Management products using WebSphere Application Server traditional is affected by arbitrary code execution (CVE-2025-36038)

Summary WebSphere Application Server traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. Following IBM® Engineering Lifecycle Management product is vulnerable to this attack, it has been addressed in this...

9.8CVSS8AI score0.08023EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 5:26 a.m.7 views

CVE-2023-43054

IBM Engineering Test Management 7.0.2 and 7.0.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-For...

6.4CVSS5.9AI score0.00303EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/07 6:57 a.m.10 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM WebSphere Application Server is vulnerable to server-side request forgery (CVE-2025-27907)

Summary IBM WebSphere Application Server is vulnerable to server-side request forgery. Following IBM® Engineering Lifecycle Engineering product is vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Test Management. Vulnerability Details Refer to the security...

4.1CVSS6.4AI score0.00306EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 2:12 a.m.43 views

Security Bulletin: Custom "Execution States" names on IBM Engineering Test Management TCER pages are vulnerable to XSS ( CVE-2021-38934 )

Summary ETM allows customization of "Execution States" names, allowing the injection of XSS payloads and making them vulnerable to XSS. Custom values into the names of "Execution States" are not encoded while displaying them on the "Test Cases Execution Records" TCER pages, allowing the execution...

5.4CVSS5.5AI score0.00391EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/13 10:5 a.m.3 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using WebSphere Application Server traditional is vulnerable to stored cross-site scripting

Summary IBM WebSphere Application Server is vulnerable to stored cross-site scripting in the administrative console. Following IBM® Engineering Lifecycle Engineering products is vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Test Management Vulnerability Detail...

6.1AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/09 4:51 a.m.19 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering product using the -Xgc:concurrentScavenge option on IBM Z is vulnerable to Buffer overflow in GC

Summary CVE-2024-3933 affects IBM SDK, Java Technology Edition. An update has been released to address the vulnerability. Following IBM® Engineering Lifecycle Engineering product is vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Test Management, IBM Jazz...

7.3CVSS5.6AI score0.00207EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/09 4:45 a.m.18 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server is vulnerable to remote code execution (CVE-2024-35154)

Summary IBM WebSphere Application Server is vulnerable to a remote code execution vulnerability in the administative console. Following IBM® Engineering Lifecycle Engineering product is vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Test Management Vulnerabilit...

7.2CVSS7.4AI score0.01163EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2024/03/05 12:0 a.m.7 views

IBM Engineering Test Management Cross-Site Scripting Vulnerability (CNVD-2024-22228)

IBM Engineering Test Management is a collaborative quality management software from International Business Machines IBM that provides end-to-end test planning and test asset management to improve team efficiency. IBM Engineering Test Management suffers from a cross-site scripting vulnerability th...

6.4CVSS5.7AI score0.00303EPSS
Exploits0References1
Prion
Prion
added 2024/03/03 1:15 p.m.21 views

Cross site scripting

IBM Engineering Test Management 7.0.2 and 7.0.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-For...

5.5CVSS6.1AI score0.00303EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/29 1:26 p.m.18 views

Security Bulletin: Stored XSS executing on RPE report widget when run from within ETM

Summary Stored XSS issue on the RPE report widget has been addressed in RPE and no more seen in IBM Engineering Test Management Vulnerability Details CVEID:CVE-2023-43054 DESCRIPTION: IBM Engineering Test Management is vulnerable to stored cross-site scripting. This vulnerability allows users to...

6.4CVSS5.9AI score0.00303EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/29 11:52 a.m.35 views

Security Bulletin: Vulnerabilities in batik-all library affects IBM Engineering Test Management (ETM) (CVE-2022-44730, CVE-2022-44729)

Summary This Security Vulnerablity has been addressed in IBM Engineering Test Management. A fix is available to address the vulnerability. Vulnerability Details CVEID:CVE-2022-44730 DESCRIPTION: Apache Batik is vulnerable to server-side request forgery, caused by improper input validation. By...

7.1CVSS5.3AI score0.00786EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/29 11:50 a.m.49 views

Security Bulletin: Vulnerabilities in xercesImpl library affects IBM Engineering Test Management (ETM) (CVE-2022-23437)

Summary This Security Vulnerablity has been addressed in IBM Engineering Test Management. A fix is available to address the vulnerability. Vulnerability Details CVEID:CVE-2022-23437 DESCRIPTION: Apache Xerces2 Java XML Parser is vulnerable to a denial of service, caused by an infinite loop in the...

7.1CVSS6.5AI score0.0444EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/21 9:50 a.m.41 views

Security Bulletin: Vulnerabilities in CKEditor library affects IBM Engineering Test Management (ETM) (CVE-2021-32809, CVE-2021-37695)

Summary This Security Vulnerablity has been addressed in IBM Engineering Test Management. A fix is available to address the vulnerability. Vulnerability Details CVEID:CVE-2021-32809 DESCRIPTION: CKEditor is vulnerable to HTML injection. A remote authenticated attacker could inject malicious HTML...

7.3CVSS5.8AI score0.01324EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/01 7:44 a.m.21 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server traditional is vulnerable to an XML External Entity (XXE) Injection vulnerability - CVE-2023-27554

Summary IBM WebSphere Application Server is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. Following IBM® Engineering Lifecycle Engineering product ...

9.1CVSS7.6AI score0.00859EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/18 7:23 a.m.32 views

Security Bulletin: Vulnerability in Junit library affects IBM Engineering Test Management (ETM) ( CVE-2020-15250)

Summary This Security Vulnerablity has been addressed in IBM Engineering Test Management. A fix is available to address the vulnerability. Vulnerability Details CVEID:CVE-2020-15250 DESCRIPTION: JUnit4 could allow a local attacker to obtain sensitive information, caused by a flaw in test rule...

5.5CVSS4.7AI score0.01695EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/18 7:19 a.m.41 views

Security Bulletin: Vulberability in Apache commons io library affects IBM Engineering Test Management (ETM) (CVE-2021-29425)

Summary This Security Vulnerablity has been addressed in IBM Engineering Test Management. A fix is available to address the vulnerability. Vulnerability Details CVEID:CVE-2021-29425 DESCRIPTION: Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by...

5.8CVSS6.3AI score0.10608EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/18 7:15 a.m.27 views

Security Bulletin: Vulnerabilities in httpclient library affects IBM Engineering Test Management (ETM) (CVE-2020-13956)

Summary This Security Vulnerablity has been addressed in IBM Engineering Test Management. A fix is available to address the vulnerability. Vulnerability Details CVEID:CVE-2020-13956 DESCRIPTION: Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the imprope...

5.3CVSS5.8AI score0.08665EPSS
Exploits1Affected Software1
Rows per page
Query Builder