Engineering Lifecycle Management@7.0.2 Security Vulnerabilities and Issues — Engineering Lifecycle Management@7.0.2 CVE List

Lucene search

IbmEngineering Lifecycle Management7.0.2

26 matches found

CVE•added 2021/06/02 9:15 p.m.•63 views

CVE-2021-20346

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194595.

5.5CVSS6AI score0.00148EPSS

CVE•added 2023/10/06 9:15 p.m.•61 views

CVE-2022-34355

IBM Jazz Foundation (IBM Engineering Lifecycle Management 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2) could disclose sensitive version information to a user that could be used in further attacks against the system. IBM X-Force ID: 230498.

5.5CVSS4.2AI score0.00021EPSS

CVE•added 2021/06/02 9:15 p.m.•60 views

CVE-2020-4495

IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to bypass security restrictions, caused by improper access control. By sending a specially-crafted request to the REST API, an attacker could exploit this vulnerability to bypass access restrictions, and execute arbitrar...

9CVSS8.7AI score0.0151EPSS

CVE•added 2021/06/02 9:15 p.m.•60 views

CVE-2021-20338

IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...

5.4CVSS5.5AI score0.00187EPSS

CVE•added 2021/06/02 9:15 p.m.•60 views

CVE-2021-20343

5.5CVSS6AI score0.0009EPSS

CVE•added 2021/06/02 9:15 p.m.•58 views

CVE-2021-20345

5.5CVSS6AI score0.00099EPSS

CVE•added 2021/06/02 9:15 p.m.•57 views

CVE-2021-20347

5.5CVSS6AI score0.00099EPSS

CVE•added 2021/06/02 9:15 p.m.•57 views

CVE-2021-20371

IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to obtain sensitive information when an error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 195516.

6.5CVSS6.5AI score0.00141EPSS

CVE•added 2021/06/02 9:15 p.m.•56 views

CVE-2021-29670

5.4CVSS5.5AI score0.00208EPSS

CVE•added 2021/06/02 9:15 p.m.•55 views

CVE-2021-29668

5.4CVSS5.5AI score0.00208EPSS

CVE•added 2021/06/02 9:15 p.m.•54 views

CVE-2021-20348

5.5CVSS6.1AI score0.0009EPSS

CVE•added 2021/06/02 9:15 p.m.•53 views

CVE-2020-4977

IBM Engineering Lifecycle Optimization - Publishing is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-F...

5.4CVSS5.4AI score0.00187EPSS

CVE•added 2021/06/02 9:15 p.m.•52 views

CVE-2020-4732

IBM Jazz Foundation and IBM Engineering products could allow an authenticated user to obtain sensitive information due to lack of security restrictions. IBM X-Force ID: 188126.

6.5CVSS6.5AI score0.00211EPSS

CVE•added 2021/06/02 9:15 p.m.•52 views

CVE-2020-5030

5.4CVSS5.5AI score0.00208EPSS

CVE•added 2021/03/04 7:15 p.m.•46 views

CVE-2021-20351

IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194708.

5.4CVSS5.3AI score0.00208EPSS

CVE•added 2021/03/04 7:15 p.m.•43 views

CVE-2020-4857

IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190460.

6.4CVSS5.4AI score0.00174EPSS

CVE•added 2021/03/04 7:15 p.m.•41 views

CVE-2020-4866

5.4CVSS5.5AI score0.00208EPSS

CVE•added 2021/03/04 7:15 p.m.•41 views

CVE-2021-20340

5.4CVSS5.5AI score0.00208EPSS

CVE•added 2021/04/12 6:15 p.m.•41 views

CVE-2021-20519

IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198441.

5.4CVSS5.6AI score0.00157EPSS

CVE•added 2021/03/04 7:15 p.m.•40 views

CVE-2020-4856

6.4CVSS5.4AI score0.0025EPSS

CVE•added 2021/04/12 6:15 p.m.•40 views

CVE-2020-4965

IBM Jazz Team Server products use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192422.

7.5CVSS7.6AI score0.00111EPSS

CVE•added 2021/03/04 7:15 p.m.•40 views

CVE-2021-20350

5.4CVSS5.5AI score0.00208EPSS

CVE•added 2021/03/04 7:15 p.m.•39 views

CVE-2020-4863

6.4CVSS5.4AI score0.00177EPSS

CVE•added 2021/04/12 6:15 p.m.•38 views

CVE-2020-4920

IBM Jazz Team Server products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191396.

6.4CVSS5.5AI score0.00128EPSS

CVE•added 2021/04/12 6:15 p.m.•37 views

CVE-2020-4964

IBM Jazz Team Server products contain an undisclosed vulnerability that could allow an authenticated user to present a customized message on the application which could be used to phish other users. IBM X-Force ID: 192419.

4.3CVSS5.2AI score0.00153EPSS

CVE•added 2021/03/04 7:15 p.m.•35 views

CVE-2020-4975

5.4CVSS5.5AI score0.0025EPSS