159 matches found

NVD
added 2022/07/14 5:15 p.m., 15 views

CVE-2021-39019

IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose highly sensitive information through an HTTP GET request to an authenticated user. IBM X-Force ID: 213728...

CVSS 6.5, EPSS 0.00705
Exploits: 0, References: 2
OSV
added 2022/07/14 5:15 p.m., 5 views

CVE-2021-39018

IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose sensitive information in a SQL error message that could aid in further attacks against the system. IBM X-Force ID: 213726...

CVSS 4.3, AI score 5.6, EPSS 0.00547
Exploits: 0, References: 2
NVD
added 2022/07/14 5:15 p.m., 15 views

CVE-2021-39017

IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to upload arbitrary files, caused by improper access controls. IBM X-Force ID: 213725...

CVSS 6.5, EPSS 0.00773
Exploits: 0, References: 2
Prion
added 2022/07/14 5:15 p.m., 9 views

Information disclosure

IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose highly sensitive information through an HTTP GET request to an authenticated user. IBM X-Force ID: 213728...

CVSS 4, AI score 6, EPSS 0.00705
Exploits: 0, References: 2, Affected Software: 1
Prion
added 2022/07/14 5:15 p.m., 11 views

Cross site scripting

IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site...

CVSS 4.9, AI score 5.2, EPSS 0.00421
Exploits: 0, References: 2, Affected Software: 1
Prion
added 2022/07/14 5:15 p.m., 12 views

Code injection

IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the software to transmit more traffic than should be allowed for that actor. IBM X-Force ID: 213722...

CVSS 4, AI score 4.5, EPSS 0.00496
Exploits: 0, References: 2, Affected Software: 1
Prion
added 2022/07/14 5:15 p.m., 15 views

Cross site scripting

IBM Engineering Lifecycle Optimization - Publishing 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

CVSS 4.9, AI score 5.2, EPSS 0.00421
Exploits: 0, References: 2, Affected Software: 1
Prion
added 2022/07/14 5:15 p.m., 13 views

Improper access control

IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to upload arbitrary files, caused by improper access controls. IBM X-Force ID: 213725...

CVSS 4, AI score 6.4, EPSS 0.00773
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2022/07/14 4:15 p.m., 20 views

CVE-2021-39028

IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site...

CVSS 5.4, AI score 5.5, EPSS 0.00421
Exploits: 0, References: 2
CVE
added 2022/07/14 4:15 p.m., 64 views

CVE-2021-39018

IBM Engineering Lifecycle Optimization - Publishing (Document Builder) contains a SQL injection-related information disclosure (CVE-2021-39018) affecting PUB 7.0, 7.0.1, 7.0.2 and RPE 6.0.6, 6.0.6.1. The root cause is missing UI validation in the Folder Name field, allowing sensitive data to be d...

CVSS 4.3, AI score 4.5, EPSS 0.00547
Exploits: 0, References: 2, Affected Software: 2
Cvelist
added 2022/07/14 4:15 p.m., 14 views

CVE-2021-39018

IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose sensitive information in a SQL error message that could aid in further attacks against the system. IBM X-Force ID: 213726...

CVSS 4.3, AI score 4.7, EPSS 0.00547
Exploits: 0, References: 2
Cvelist
added 2022/07/14 4:15 p.m., 21 views

CVE-2021-39016

IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the software to transmit more traffic than should be allowed for that actor. IBM X-Force ID: 213722...

CVSS 4.3, AI score 4.7, EPSS 0.00496
Exploits: 0, References: 2
CVE
added 2022/07/14 4:15 p.m., 70 views

CVE-2021-39015

IBM Engineering Lifecycle Optimization - Publishing is affected by CVE-2021-39015. The vulnerability is a cross-site scripting flaw in IBM Publishing 7.0, 7.0.1, and 7.0.2 caused by lack of data checksum filtering/output of user-supplied data, allowing arbitrary JavaScript in the Web UI and poten...

CVSS 5.4, AI score 5.2, EPSS 0.00421
Exploits: 0, References: 2, Affected Software: 2
Cvelist
added 2022/07/14 4:15 p.m., 18 views

CVE-2021-39015

IBM Engineering Lifecycle Optimization - Publishing 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

CVSS 5.4, AI score 5.3, EPSS 0.00421
Exploits: 0, References: 2
CNNVD
added 2022/07/14 12:0 a.m., 3 views

IBM Engineering Lifecycle Optimization Security Vulnerability

IBM Engineering Lifecycle Optimization ELO is an extension of the Engineering Lifecycle Management ELM portfolio from International Business Machines IBM. They make it easier to collect and analyze data across the development environment to make better decisions. Automate reporting to ensure the...

CVSS 6.5, AI score 6.3, EPSS 0.00773
Exploits: 0, References: 3
CNNVD
added 2022/07/14 12:0 a.m., 4 views

IBM Engineering Lifecycle Optimization Injection Vulnerability

IBM Engineering Lifecycle Optimization ELO is an extension of the Engineering Lifecycle Management ELM portfolio from IBM America. They make it easier to collect and analyze data across the development environment to make better decisions. Automate reporting to ensure the entire organization has...

CVSS 5.4, AI score 5.5, EPSS 0.00421
Exploits: 0, References: 3
CNNVD
added 2022/07/14 12:0 a.m., 2 views

IBM Engineering Lifecycle Optimization Security Vulnerability

IBM Engineering Lifecycle Optimization ELO is an extension of the Engineering Lifecycle Management ELM portfolio from IBM America. They make it easier to collect and analyze data across the development environment to make better decisions. Automate reporting to ensure that the entire organization...

CVSS 4.3, AI score 5.1, EPSS 0.00496
Exploits: 0, References: 3
CNNVD
added 2022/07/14 12:0 a.m., 3 views

IBM Engineering Lifecycle Optimization Cross-Site Scripting Vulnerability

IBM Engineering Lifecycle Optimization ELO is an extension of the Engineering Lifecycle Management ELM portfolio from IBM America. They make it easier to collect and analyze data across the development environment to make better decisions. Automate reporting to ensure that the entire organization...

CVSS 5.4, AI score 5.6, EPSS 0.00421
Exploits: 0, References: 5
IBM Security Bulletins
added 2022/07/13 9:4 a.m., 27 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing is vulnerable to disclose highly sensitive information (CVE-2021-39019)

Summary IBM Engineering Lifecycle Optimization - Publishing Document Builder uses the POST method to submit passwords but can be forced to use the GET method also. Highly sensitive information can be disclosed through an HTTP GET request to an authenticated user. CVE-2021-39019 Vulnerability Detail...

CVSS 6.5, AI score 0.1, EPSS 0.00705
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2022/07/13 8:20 a.m., 34 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing is vulnerable to Host Header Injection (CVE-2021-39028)

Summary IBM Engineering Lifecycle Optimization - Publishing is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. CVE-2021-39028. Vulnerability Details CVEID: CVE-2021-39028 DESCRIPTION: IBM Engineering Lifecycle Optimization - Publishing is vulnerabl...

CVSS 5.4, AI score 0.9, EPSS 0.00421
Exploits: 0, Affected Software: 1