Engineering Insights@7.0.2 Security Vulnerabilities and Issues — Engineering Insights@7.0.2 CVE List

Lucene search

IbmEngineering Insights7.0.2

15 matches found

CVE•added 2024/12/25 2:15 p.m.•58 views

CVE-2024-39727

IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 uses a web link with untrusted references to an external site. A remote attacker could exploit this vulnerability to expose sensitive information or perform unauthorized actions on the victims’ web browser.

9.8CVSS6.1AI score0.00059EPSS

CVE•added 2021/03/30 5:15 p.m.•55 views

CVE-2021-20447

IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196623.

5.4CVSS5.5AI score0.00158EPSS

CVE•added 2021/03/30 5:15 p.m.•54 views

CVE-2021-20506

5.4CVSS5.5AI score0.00211EPSS

CVE•added 2021/03/30 5:15 p.m.•52 views

CVE-2021-20520

5.4CVSS5.5AI score0.00158EPSS

CVE•added 2021/03/30 5:15 p.m.•51 views

CVE-2021-20518

5.4CVSS5.5AI score0.00143EPSS

CVE•added 2021/03/30 5:15 p.m.•48 views

CVE-2021-20504

5.4CVSS5.5AI score0.00158EPSS

CVE•added 2021/03/30 5:15 p.m.•47 views

CVE-2021-20352

5.4CVSS5.5AI score0.00158EPSS

CVE•added 2024/12/25 2:15 p.m.•44 views

CVE-2024-39725

IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.

5.3CVSS5AI score0.00055EPSS

CVE•added 2024/11/15 5:15 p.m.•44 views

CVE-2024-39726

IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

8.2CVSS8.2AI score0.00275EPSS

CVE•added 2021/03/30 5:15 p.m.•43 views

CVE-2021-20502

IBM Jazz Foundation Products are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 198059.

7.1CVSS7.2AI score0.00274EPSS

CVE•added 2021/03/30 5:15 p.m.•43 views

CVE-2021-20503

5.4CVSS5.5AI score0.00158EPSS

CVE•added 2021/04/12 6:15 p.m.•41 views

CVE-2021-20519

IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198441.

5.4CVSS5.6AI score0.00157EPSS

CVE•added 2021/04/12 6:15 p.m.•40 views

CVE-2020-4965

IBM Jazz Team Server products use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192422.

7.5CVSS7.6AI score0.00111EPSS

CVE•added 2021/04/12 6:15 p.m.•38 views

CVE-2020-4920

IBM Jazz Team Server products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191396.

6.4CVSS5.5AI score0.00128EPSS

CVE•added 2021/04/12 6:15 p.m.•37 views

CVE-2020-4964

IBM Jazz Team Server products contain an undisclosed vulnerability that could allow an authenticated user to present a customized message on the application which could be used to phish other users. IBM X-Force ID: 192419.

4.3CVSS5.2AI score0.00153EPSS