Lucene search

K
IbmEngineering Lifecycle Optimization

28 matches found

CVE
CVE
added 2021/03/30 5:15 p.m.55 views

CVE-2021-20447

IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196623.

5.4CVSS5.5AI score0.00158EPSS
CVE
CVE
added 2021/03/30 5:15 p.m.54 views

CVE-2021-20506

IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198231.

5.4CVSS5.5AI score0.00211EPSS
CVE
CVE
added 2021/03/30 5:15 p.m.52 views

CVE-2021-20520

IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198572.

5.4CVSS5.5AI score0.00158EPSS
CVE
CVE
added 2021/07/19 4:15 p.m.51 views

CVE-2021-20507

IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...

5.4CVSS5.3AI score0.00247EPSS
CVE
CVE
added 2021/03/30 5:15 p.m.51 views

CVE-2021-20518

IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198437.

5.4CVSS5.5AI score0.00143EPSS
CVE
CVE
added 2021/03/30 5:15 p.m.48 views

CVE-2021-20504

IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198231.

5.4CVSS5.5AI score0.00158EPSS
CVE
CVE
added 2021/03/30 5:15 p.m.47 views

CVE-2021-20352

IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194710.

5.4CVSS5.5AI score0.00158EPSS
CVE
CVE
added 2021/10/27 4:15 p.m.47 views

CVE-2021-29713

IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

5.4CVSS5.5AI score0.00111EPSS
CVE
CVE
added 2021/03/04 7:15 p.m.46 views

CVE-2021-20351

IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194708.

5.4CVSS5.3AI score0.00208EPSS
CVE
CVE
added 2021/10/27 4:15 p.m.44 views

CVE-2021-29673

IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199482.

5.4CVSS5.6AI score0.00215EPSS
CVE
CVE
added 2021/10/27 4:15 p.m.44 views

CVE-2021-29774

IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under certain configurations. IBM X-Force ID: 203025.

7.5CVSS7.5AI score0.00269EPSS
CVE
CVE
added 2021/03/04 7:15 p.m.43 views

CVE-2020-4857

IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190460.

6.4CVSS5.4AI score0.00174EPSS
CVE
CVE
added 2021/07/19 4:15 p.m.43 views

CVE-2020-5031

IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...

5.4CVSS5.2AI score0.00223EPSS
CVE
CVE
added 2021/03/30 5:15 p.m.43 views

CVE-2021-20502

IBM Jazz Foundation Products are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 198059.

7.1CVSS7.2AI score0.00274EPSS
CVE
CVE
added 2021/03/30 5:15 p.m.43 views

CVE-2021-20503

IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198182.

5.4CVSS5.5AI score0.00158EPSS
CVE
CVE
added 2024/02/09 1:15 a.m.43 views

CVE-2023-45187

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 268749.

8.8CVSS8.1AI score0.00036EPSS
CVE
CVE
added 2024/02/09 1:15 a.m.43 views

CVE-2023-45190

IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or sessio...

6.1CVSS6AI score0.00046EPSS
CVE
CVE
added 2021/03/04 7:15 p.m.41 views

CVE-2020-4866

IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190742.

5.4CVSS5.5AI score0.00208EPSS
CVE
CVE
added 2021/03/04 7:15 p.m.41 views

CVE-2021-20340

IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194451.

5.4CVSS5.5AI score0.00208EPSS
CVE
CVE
added 2021/10/27 4:15 p.m.41 views

CVE-2021-29844

IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

8.8CVSS8.7AI score0.00128EPSS
CVE
CVE
added 2021/03/04 7:15 p.m.40 views

CVE-2020-4856

IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190459.

6.4CVSS5.4AI score0.0025EPSS
CVE
CVE
added 2021/03/04 7:15 p.m.40 views

CVE-2021-20350

IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194707.

5.4CVSS5.5AI score0.00208EPSS
CVE
CVE
added 2021/10/27 4:15 p.m.40 views

CVE-2021-29786

IBM Jazz Team Server products stores user credentials in clear text which can be read by an authenticated user. IBM X-Force ID: 203172.

6.5CVSS6.6AI score0.00087EPSS
CVE
CVE
added 2024/02/09 1:15 a.m.40 views

CVE-2023-45191

IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 268755.

7.5CVSS7.2AI score0.0004EPSS
CVE
CVE
added 2021/03/04 7:15 p.m.39 views

CVE-2020-4863

IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190566.

6.4CVSS5.4AI score0.00177EPSS
CVE
CVE
added 2021/07/28 1:15 p.m.37 views

CVE-2020-4974

IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 192434.

6.5CVSS6.3AI score0.00168EPSS
CVE
CVE
added 2021/07/28 1:15 p.m.37 views

CVE-2020-5004

IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192957.

5.4CVSS5.3AI score0.00346EPSS
CVE
CVE
added 2021/03/04 7:15 p.m.35 views

CVE-2020-4975

IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192435.

5.4CVSS5.5AI score0.0025EPSS