37 matches found
Security Bulletin: IBM Engineering Test Management is affected by IBM WebSphere Application Server and Liberty are affected by SMTP injection(CVE-2025-7962)
Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by an SMTP injection vulnerability in the Jakarta Mail library. Following IBM® Engineering Lifecycle Management products are vulnerable to this attack, and addressed in this bulletin: IBM...
EUVD-2021-25371
Malware in sbrugna...
EUVD-2023-47475
Malicious code in bioql PyPI...
Security Bulletin: The IBM® Engineering Lifecycle Management products using WebSphere Application Server traditional is affected by arbitrary code execution (CVE-2025-36038)
Summary WebSphere Application Server traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. Following IBM® Engineering Lifecycle Management product is vulnerable to this attack, it has been addressed in this...
CVE-2023-43054
IBM Engineering Test Management 7.0.2 and 7.0.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-For...
Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM WebSphere Application Server is vulnerable to server-side request forgery (CVE-2025-27907)
Summary IBM WebSphere Application Server is vulnerable to server-side request forgery. Following IBM® Engineering Lifecycle Engineering product is vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Test Management. Vulnerability Details Refer to the security...
Security Bulletin: Custom "Execution States" names on IBM Engineering Test Management TCER pages are vulnerable to XSS ( CVE-2021-38934 )
Summary ETM allows customization of "Execution States" names, allowing the injection of XSS payloads and making them vulnerable to XSS. Custom values into the names of "Execution States" are not encoded while displaying them on the "Test Cases Execution Records" TCER pages, allowing the execution...
Security Bulletin: The IBM® Engineering Lifecycle Engineering products using WebSphere Application Server traditional is vulnerable to stored cross-site scripting
Summary IBM WebSphere Application Server is vulnerable to stored cross-site scripting in the administrative console. Following IBM® Engineering Lifecycle Engineering products is vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Test Management Vulnerability Detail...
Security Bulletin: The IBM® Engineering Lifecycle Engineering product using the -Xgc:concurrentScavenge option on IBM Z is vulnerable to Buffer overflow in GC
Summary CVE-2024-3933 affects IBM SDK, Java Technology Edition. An update has been released to address the vulnerability. Following IBM® Engineering Lifecycle Engineering product is vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Test Management, IBM Jazz...
Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server is vulnerable to remote code execution (CVE-2024-35154)
Summary IBM WebSphere Application Server is vulnerable to a remote code execution vulnerability in the administative console. Following IBM® Engineering Lifecycle Engineering product is vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Test Management Vulnerabilit...
IBM Engineering Test Management Cross-Site Scripting Vulnerability (CNVD-2024-22228)
IBM Engineering Test Management is a collaborative quality management software from International Business Machines IBM that provides end-to-end test planning and test asset management to improve team efficiency. IBM Engineering Test Management suffers from a cross-site scripting vulnerability th...
Cross site scripting
IBM Engineering Test Management 7.0.2 and 7.0.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-For...
Security Bulletin: Stored XSS executing on RPE report widget when run from within ETM
Summary Stored XSS issue on the RPE report widget has been addressed in RPE and no more seen in IBM Engineering Test Management Vulnerability Details CVEID:CVE-2023-43054 DESCRIPTION: IBM Engineering Test Management is vulnerable to stored cross-site scripting. This vulnerability allows users to...
Security Bulletin: Vulnerabilities in batik-all library affects IBM Engineering Test Management (ETM) (CVE-2022-44730, CVE-2022-44729)
Summary This Security Vulnerablity has been addressed in IBM Engineering Test Management. A fix is available to address the vulnerability. Vulnerability Details CVEID:CVE-2022-44730 DESCRIPTION: Apache Batik is vulnerable to server-side request forgery, caused by improper input validation. By...
Security Bulletin: Vulnerabilities in xercesImpl library affects IBM Engineering Test Management (ETM) (CVE-2022-23437)
Summary This Security Vulnerablity has been addressed in IBM Engineering Test Management. A fix is available to address the vulnerability. Vulnerability Details CVEID:CVE-2022-23437 DESCRIPTION: Apache Xerces2 Java XML Parser is vulnerable to a denial of service, caused by an infinite loop in the...
Security Bulletin: Vulnerabilities in CKEditor library affects IBM Engineering Test Management (ETM) (CVE-2021-32809, CVE-2021-37695)
Summary This Security Vulnerablity has been addressed in IBM Engineering Test Management. A fix is available to address the vulnerability. Vulnerability Details CVEID:CVE-2021-32809 DESCRIPTION: CKEditor is vulnerable to HTML injection. A remote authenticated attacker could inject malicious HTML...
Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server traditional is vulnerable to an XML External Entity (XXE) Injection vulnerability - CVE-2023-27554
Summary IBM WebSphere Application Server is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. Following IBM® Engineering Lifecycle Engineering product ...
Security Bulletin: Vulnerability in Junit library affects IBM Engineering Test Management (ETM) ( CVE-2020-15250)
Summary This Security Vulnerablity has been addressed in IBM Engineering Test Management. A fix is available to address the vulnerability. Vulnerability Details CVEID:CVE-2020-15250 DESCRIPTION: JUnit4 could allow a local attacker to obtain sensitive information, caused by a flaw in test rule...
Security Bulletin: Vulberability in Apache commons io library affects IBM Engineering Test Management (ETM) (CVE-2021-29425)
Summary This Security Vulnerablity has been addressed in IBM Engineering Test Management. A fix is available to address the vulnerability. Vulnerability Details CVEID:CVE-2021-29425 DESCRIPTION: Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by...
Security Bulletin: Vulnerabilities in httpclient library affects IBM Engineering Test Management (ETM) (CVE-2020-13956)
Summary This Security Vulnerablity has been addressed in IBM Engineering Test Management. A fix is available to address the vulnerability. Vulnerability Details CVEID:CVE-2020-13956 DESCRIPTION: Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the imprope...