CVE-2021-39016

CVE-2021-39016 affects IBM Engineering Lifecycle Optimization - Publishing across multiple releases (PUB 7.0, 7.0.1, 7.0.2 and RPE 6.0.6, 6.0.6.1). The issue is inadequate monitoring/controlling of transmitted network traffic volume, allowing an actor to cause the software to transmit more traffi...

CVE-2021-39016

IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the software to transmit more traffic than should be allowed for that actor. IBM X-Force ID: 213722...

CVE-2021-39015

IBM Engineering Lifecycle Optimization - Publishing 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

CVE-2021-39015

IBM Engineering Lifecycle Optimization - Publishing is affected by CVE-2021-39015. The vulnerability is a cross-site scripting flaw in IBM Publishing 7.0, 7.0.1, and 7.0.2 caused by lack of data checksum filtering/output of user-supplied data, allowing arbitrary JavaScript in the Web UI and poten...

IBM Engineering Lifecycle Optimization 安全漏洞

IBM Engineering Lifecycle Optimization ELO is an extension of the Engineering Lifecycle Management ELM portfolio from International Business Machines IBM. They make it easier to collect and analyze data across the development environment to make better decisions. Automate reporting to ensure the...

IBM Engineering Lifecycle Optimization 跨站脚本漏洞

IBM Engineering Lifecycle Optimization ELO is an extension of the Engineering Lifecycle Management ELM portfolio from IBM America. They make it easier to collect and analyze data across the development environment to make better decisions. Automate reporting to ensure that the entire organization...

IBM Engineering Lifecycle Optimization 安全漏洞

IBM Engineering Lifecycle Optimization ELO is an extension of the Engineering Lifecycle Management ELM portfolio from IBM America. They make it easier to collect and analyze data across the development environment to make better decisions. Automate reporting to ensure that the entire organization...

IBM Engineering Lifecycle Optimization 注入漏洞

IBM Engineering Lifecycle Optimization ELO is an extension of the Engineering Lifecycle Management ELM portfolio from IBM America. They make it easier to collect and analyze data across the development environment to make better decisions. Automate reporting to ensure the entire organization has...

Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing is vulnerable to disclose highly sensitive information (CVE-2021-39019)

Summary IBM Engineering Lifecycle Optimization - Publishing Document Builder uses the POST method to submit passwords but can be forced to use the GET method also. Highly sensitive information can be disclosed through an HTTP GET request to an authenticated userCVE-2021-39019 Vulnerability Detail...

Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing is vulnerable to Host Header Injection (CVE-2021-39028)

Summary IBM Engineering Lifecycle Optimization - Publishing is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. CVE-2021-39028. Vulnerability Details CVEID: CVE-2021-39028 DESCRIPTION: IBM Engineering Lifecycle Optimization - Publishing is vulnerabl...

Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing Document Builder is vulnerable to SQLinjection (CVE-2021-39018)

Summary UI validation to Folder Name field is missing in IBM Engineering Lifecycle Optimization - Publishing Document Builder, resulting in display of SQL error to UI. This indicates the presence of SQL injection vulnerability. CVE-2021-39018 Vulnerability Details CVEID: CVE-2021-39018 DESCRIPTIO...

Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing is vulnerable to Malicious File Upload (CVE-2021-39017)

Summary In IBM Engineering Lifecycle Optimization - Publishing, there are no file extension and content-type checks in place which helps an attacker to upload a malicious file of their choice. CVE-2021-39017 Vulnerability Details CVEID: CVE-2021-39017 DESCRIPTION: IBM Engineering Lifecycle...

Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing is vulnerable to External Service Interaction (CVE-2021-39016)

Summary In IBM Engineering Lifecycle Optimization - Publishing, it is possible to induce the application to perform server-side HTTP and HTTPS requests to arbitrary domains. CVE-2021-39016. Vulnerability Details CVEID: CVE-2021-39016 DESCRIPTION: IBM Engineering Lifecycle Optimization - Publishin...

Avoiding Death by a Thousand Scripts: Using Automated Content Security Policies

Businesses know they need to secure their client-side scripts. Content security policies CSPs are a great way to do that. But CSPs are cumbersome. One mistake and you have a potentially significant client-side security gap. Finding those gaps means long and tedious hours or days in manual code...

Debian: Security Advisory (DSA-5178-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Amazon Linux AMI : microcode_ctl (ALAS-2022-1606)

The version of microcodectl installed on the remote host is prior to 2.1-47.40. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2022-1606 advisory. 2024-05-09: CVE-2021-33117 was added to this advisory. Improper access control for some 3rd Generation IntelR XeonR...

USN-5502-1 openssl vulnerability

Alex Chernyakhovsky discovered that OpenSSL incorrectly handled AES OCB mode when using the AES-NI assembly optimized implementation on 32-bit x86 platforms. A remote attacker could possibly use this issue to obtain sensitive information...

Security Bulletin: A security vulnerability has been identified in Apache log4j versions 2.0 beta 9 - 2.14 (CVE-2021-44228) in IBM Maximo Scheduler Optimization

Summary Apache log4j 2 library is used by IBM Maximo Scheduler Optimization MSO. This bulletin provides remediation for the Apache log4j 2 vulnerability CVE-2021-44228 by performing the applicable steps to the MSO product. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j coul...

CVE-2022-32325

JPEGOPTIM v1.4.7 was discovered to contain a segmentation violation which is caused by a READ memory access at jpegoptim.c...

ZZCMS SQL Injection Vulnerability (CNVD-2022-58903)

zzcms Webmaster Merchants Content Management System, developed by the zzcms team, incorporates database optimization, content caching, AJAX and other technologies to make the site's security, stability, and load capacity is reliably guaranteed. The source code is open and the functional modules a...