
24 matches found

IBM Security Bulletins
added 2026/06/10 4:25 p.m. | 7 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Engineering Publishing affected by a race condition in Eclipse Jersey (CVE-2025-12383)

Summary A critical race condition CVE-2025-12383 has been identified in the Eclipse Jersey client library jersey-client-2.26.jar used by IBM Engineering Lifecycle Optimization - Engineering Publishing. Under high-concurrency conditions, a flaw in the HTTPS client's lazy initialization flow can...

CVSS 9.4 | AI score 7.5 | EPSS 0.00271
Exploits 0 | Affected Software 1

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2020-25563

Malware in sbrugna...

CVSS 4.7 | AI score 4.8 | EPSS 0.01172
Exploits 0 | References 3

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2017-10803

Malware in sbrugna...

CVSS 6.7 | AI score 5.8 | EPSS 0.00367
Exploits 0 | References 4

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2018-12530

Malware in sbrugna...

CVSS 5.4 | AI score 5.5 | EPSS 0.00968
Exploits 0 | References 4

BDU FSTEC
added 2025/01/16 12:0 a.m. | 6 views

The vulnerability of the software implementations of TLS and SSL protocols for automating the creation, publication, and distribution of reports and documents in IBM Engineering Lifecycle Optimization – Publishing (PUB) allows a perpetrator to cause service failures.

The vulnerability of software implementations of TLS and SSL protocols for automating the creation, publication, and distribution of reports and documents in IBM Engineering Lifecycle Optimization – Publishing PUB involves deficiencies in access control. Exploiting this vulnerability could allow ...

CVSS 6.5 | AI score 5.4 | EPSS 0.00394
Exploits 0 | References 2

OSV
added 2024/06/09 1:15 p.m. | 7 views

CVE-2023-45188

IBM Engineering Lifecycle Optimization Publishing 7.0.2 and 7.03 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted request, a remote attacker could exploit this vulnerability to upload a malicious file,...

CVSS 9.8 | AI score 6.2 | EPSS 0.00651
Exploits 0 | References 2

IBM Security Bulletins
added 2023/10/04 8:41 a.m. | 34 views

Security Bulletin: Vulnerability in Apache Xerces2 Java XML Parser affect IBM Engineering Lifecycle Optimization - Publishing

Summary Vulnerability in Apache Xerces2 Java XML Parser affect IBM Engineering Lifecycle Optimization - Publishing Vulnerability Details CVEID:CVE-2022-23437 DESCRIPTION: Apache Xerces2 Java XML Parser is vulnerable to a denial of service, caused by an infinite loop in the XML parser. By persuadi...

CVSS 7.1 | AI score 6.5 | EPSS 0.0444
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2022/07/13 9:4 a.m. | 27 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing is vulnerable to disclose highly sensitive information (CVE-2021-39019)

Summary IBM Engineering Lifecycle Optimization - Publishing Document Builder uses the POST method to submit passwords but can be forced to use the GET method also. Highly sensitive information can be disclosed through an HTTP GET request to an authenticated user CVE-2021-39019 Vulnerability Detail...

CVSS 6.5 | AI score 0.1 | EPSS 0.00705
Exploits 0 | Affected Software 1

OSV
added 2021/06/02 9:15 p.m. | 2 views

CVE-2020-4977

IBM Engineering Lifecycle Optimization - Publishing is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...

CVSS 5.4 | AI score 6 | EPSS 0.00495
Exploits 0 | References 2

OSV
added 2020/07/16 3:15 p.m. | 6 views

CVE-2020-4316

IBM Publishing Engine 6.0.6, 6.0.6.1, and 7.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecu...

CVSS 4.7 | AI score 5.6
Exploits 0 | References 2

NVD
added 2020/07/16 3:15 p.m. | 11 views

CVE-2020-4316

IBM Publishing Engine 6.0.6, 6.0.6.1, and 7.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecu...

CVSS 4.7 | EPSS 0.01172
Exploits 0 | References 2

Prion
added 2020/07/16 3:15 p.m. | 14 views

Authorization

IBM Publishing Engine 6.0.6, 6.0.6.1, and 7.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecu...

CVSS 4.3 | AI score 4.3 | EPSS 0.01172
Exploits 0 | References 2 | Affected Software 2

Cvelist
added 2020/07/16 3:5 p.m. | 19 views

CVE-2020-4316

IBM Publishing Engine 6.0.6, 6.0.6.1, and 7.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecu...

CVSS 4.3 | AI score 4.3 | EPSS 0.01172
Exploits 0 | References 2

CVE
added 2020/07/16 3:5 p.m. | 47 views

CVE-2020-4316

IBM Publishing Engine is affected by CVE-2020-4316 due to not setting the secure attribute on authorization tokens and session cookies. Impact: cookies may be exposed when a user visits an http link or a site embedding it, allowing eavesdropping of cookie values. Affected versions: IBM Publishing...

CVSS 4.7 | AI score 4.3 | EPSS 0.01172
Exploits 0 | References 2 | Affected Software 1

IBM Security Bulletins
added 2020/07/15 7:0 p.m. | 18 views

Security Bulletin: Session cookie is missing secure attribute and affects IBM Publishing Engine

Summary There is a vulnerability in the session cookie which misses a secure attribute and affects IBM Publishing Engine Vulnerability Details CVEID: CVE-2020-4316 DESCRIPTION: IBM Publishing Engine does not set the secure attribute on authorization tokens or session cookies. Attackers may be abl...

CVSS 4.7 | AI score 0.7 | EPSS 0.01172
Exploits 0 | Affected Software 1

CNVD
added 2019/01/07 12:0 a.m. | 3 views

IBM Publishing Engine Cross-Site Scripting Vulnerability

IBM Publishing Engine is an automated document generation solution from the U.S. company IBM. The program can generate Rational product documentation, and it also supports generating documentation for other vendors' applications. A cross-site scripting vulnerability exists in IBM Publishing Engine...

CVSS 5.4 | AI score 6.4 | EPSS 0.00968
Exploits 0 | References 1

CNVD
added 2019/01/07 12:0 a.m. | 2 views

IBM Publishing Engine Cross-Site Scripting Vulnerability (CNVD-2019-00560)

IBM Publishing Engine is an automated document generation solution from the U.S. company IBM. The program can generate Rational product documentation, and it also supports generating documentation for other vendors' applications. A cross-site scripting vulnerability exists in IBM Publishing Engine...

CVSS 5.4 | AI score 6.4 | EPSS 0.00968
Exploits 0 | References 1

OSV
added 2019/01/04 3:29 p.m. | 2 views

CVE-2018-1951

IBM Publishing Engine 2.1.2, 6.0.5, and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...

CVSS 5.4 | AI score 5.4 | EPSS 0.00968
Exploits 0 | References 3

NVD
added 2019/01/04 3:29 p.m. | 15 views

CVE-2018-1951

IBM Publishing Engine 2.1.2, 6.0.5, and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...

CVSS 5.4 | AI score 5.2 | EPSS 0.00968
Exploits 0 | References 3

Prion
added 2019/01/04 3:29 p.m. | 12 views

Cross site scripting

IBM Publishing Engine 2.1.2, 6.0.5, and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...

CVSS 3.5 | AI score 5.2 | EPSS 0.00968
Exploits 0 | References 3 | Affected Software 1