Security Bulletin: Vulnerability in Apache Xerces2 Java XML Parser affect IBM Engineering Lifecycle Optimization - Publishing

Summary Vulnerability in Apache Xerces2 Java XML Parser affect IBM Engineering Lifecycle Optimization - Publishing Vulnerability Details CVEID:CVE-2022-23437 DESCRIPTION: Apache Xerces2 Java XML Parser is vulnerable to a denial of service, caused by an infinite loop in the XML parser. By persuadi...

Security Bulletin: Vulnerability in jna-platform library affects IBM Engineering Lifecycle Optimization - Publishing

Summary This security vulnerablity has been addressed in IBM Engineering Lifecycle Optimization - Publishing newer releases Vulnerability Details IBM X-Force ID: 240628 DESCRIPTION: Java Native Access JNA is vulnerable to a denial of service, caused by an out-of-bounds read flaw in the...

Security Bulletin: Multiple vulnerabilities identified in jQuery-UI affects IBM Engineering Lifecycle Optimization - Publishing

Summary This Security Bulletin addresses security vulnerabilities with JQuery that have been remediated in latest iFixes of IBM Engineering Lifecycle Optimization - Publishing Vulnerability Details CVEID:CVE-2021-41184 DESCRIPTION: jQuery jQuery-UI is vulnerable to cross-site scripting, caused by...

Security Bulletin: Vulnerability in commons-codec-1.8.jar have affected IBM Engineering Lifecycle Optimization - Publishing

Summary This security bulletin addresses security vulnerabilities with Apache Commons Codec that have been remediated in latest iFixes of IBM Engineering Lifecycle Optimization - Publishing Vulnerability Details IBM X-Force ID: 177835 DESCRIPTION: Apache Commons Codec could allow a remote attacke...

Security Bulletin: Multiple Vulnerabilities in Apache HttpClient, HttpComponents and HttpCommons affect IBM Engineering Lifecycle Optimization - Publishing

Summary There are multiple vulnerabilities in Apache HttpClient, HttpComponents and HttpCommons libraries. This has been addressed. Vulnerability Details CVEID:CVE-2015-5262 DESCRIPTION: Apache Commons is vulnerable to a denial of service, caused by the failure to apply a configured connection...

Security Bulletin: Vulnerability in Apache Jena-arq library affects IBM Engineering Lifecycle Optimization - Publishing

Summary IBM Engineering Lifecycle Optimization - Publishing is vulnerable to a remote attack due to Apache Jena-arq Vulnerability Details CVEID:CVE-2023-22665 DESCRIPTION: Apache Jena could allow a remote attacker to execute arbitrary code on the system, caused by improper checking of user querie...

Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing is vulnerable to a remote attack due to Apache Jena Core

Summary BM Engineering Lifecycle Optimization - Publishing is vulnerable to a remote attack due to Apache Jena Core Vulnerability Details CVEID:CVE-2021-39239 DESCRIPTION: Apache Jena could allow a remote attacker to obtain sensitive information, caused by improper handling of XML external entity...

Security Bulletin: Vulnerability in Apache Commons IO affect IBM Engineering Lifecycle Optimization - Publishing

Summary Apache Commons IO is used by IBM Engineering Lifecycle Optimization - Publishing Vulnerability Details CVEID:CVE-2021-29425 DESCRIPTION: Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by improper input validation by the FileNameUtils.normaliz...

Security Bulletin: A vulnerability in JDOM affects IBM Engineering Lifecycle Optimization - Publishing

Summary A vulnerability in JDOM affects IBM Engineering Lifecycle Optimization - Publishing Vulnerability Details CVEID:CVE-2021-33813 DESCRIPTION: JDOM is vulnerable to a denial of service, caused by an XXE issue in SAXBuilder. By sending a specially-crafted HTTP request, a remote attacker could...

Security Bulletin: Multiple vulnerabilities has been identified in FasterXML jackson-databind affect IBM Engineering Lifecycle Optimization - Publishing

Summary A security vulnerability has been identified in FasterXML jackson-databind affect IBM Engineering Lifecycle Optimization - Publishing. Information about a security vulnerability affecting jackson-databind has been published in a security bulletin. Vulnerability Details CVEID:CVE-2021-4687...

Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM Java XML vulnerability CVE-2022-21426, deferred from Oracle Apr 2022 CPU - CVE-2022-21426

Summary A flaw in the XML component may lead to excessive memory consumption when compiling certain XPath expressions, which may in turn allow an attacker to inflict a denial-of-service. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed...

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM® SDK, Java™ Technology Edition are affected by multiple vulnerabilities (CVE-2022-21628, CVE-2022-21626, CVE-2022-21624, CVE-2022-21619)

Summary This covers all applicable Java SE CVEs published by Oracle as part of their October 2022 Critical Patch Update. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: Jazz Foundation, IBM Engineering Lifecycle...

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM® SDK, Java™ Technology Edition are affected by multiple vulnerabilities ( CVE-2022-21541, CVE-2022-21540 )

Summary All applicable Java SE CVEs published by Oracle as part of their July 2022 Critical Patch Update. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Test Management, BM Jazz Reporting Service , I...

Security Bulletin: A Remote Attack Vulnerability in Apache Log4j affects IBM Engineering Lifecycle Optimization - Publishing

Summary There is a Vulnerability in Apache Log4j CVE-2021-44228 which is used by "IBM Engineering Lifecycle Optimization - Publishing PUB" and "Rational Publishing Engine RPE." Vulnerability Details CVEID:CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary...

IBM Engineering Lifecycle Optimization Cross-Site Scripting Vulnerability (CNVD-2022-55503)

IBM Engineering Lifecycle Optimization ELO is an extension of the Engineering Lifecycle Management ELM portfolio from IBM America. They make it easier to collect and analyze data across the development environment to make better decisions. Automate reporting to ensure that the entire organization...

IBM Engineering Lifecycle Optimization信息泄露漏洞

IBM Engineering Lifecycle Optimization ELO is an extension of the Engineering Lifecycle Management ELM product portfolio from IBM USA. They make it easier to collect and analyze data from across the development environment to make better decisions. Automate reporting to ensure the entire...

CVE-2021-39018

IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose sensitive information in a SQL error message that could aid in further attacks against the system. IBM X-Force ID: 213726...

CVE-2021-39019

IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose highly sensitive information through an HTTP GET request to an authenticated user. IBM X-Force ID: 213728...

CVE-2021-39018

IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose sensitive information in a SQL error message that could aid in further attacks against the system. IBM X-Force ID: 213726...

CVE-2021-39016

IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the software to transmit more traffic than should be allowed for that actor. IBM X-Force ID: 213722...