Lucene search
K
IbmEngineering Lifecycle Optimization

11 matches found

CVE
CVE
added 2021/07/19 4:0 p.m.65 views

CVE-2021-20507

The CVE-2021-20507 entry affects IBM Jazz Foundation and IBM Engineering products, where a cross-site scripting flaw allows embedding arbitrary JavaScript in the Web UI, potentially exposing credentials within a trusted session. The vulnerability centers on Web UI script execution enabled by the ...

5.4CVSS5.3AI score0.00495EPSS
CVE
CVE
added 2021/10/27 4:0 p.m.64 views

CVE-2021-29713

CVE-2021-29713 affects IBM Jazz Team Server and related IBM Engineering Lifecycle Management components. The vulnerability is a cross-site scripting (XSS) flaw in the Web UI that could allow an attacker to embed arbitrary JavaScript, potentially leading to credential disclosure within a trusted s...

5.4CVSS5.5AI score0.0048EPSS
CVE
CVE
added 2021/10/27 4:0 p.m.62 views

CVE-2021-29774

Summary: CVE-2021-29774 affects IBM Jazz Team Server family (including CLM, ELM, DOORS Next, RTC, EWM, Rhapsody) where an authenticated user could obtain elevated privileges under certain configurations. The root cause is insufficient validation of user privileges, enabling privilege escalation w...

7.5CVSS7.5AI score0.0095EPSS
CVE
CVE
added 2024/02/09 12:32 a.m.61 views

CVE-2023-45190

CVE-2023-45190 affects IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3. The issue is HTTP header injection caused by improper validation of HOST headers, which can enable cross-site scripting, cache poisoning, or session hijacking. Public details consistently cite this vulnerability with t...

6.1CVSS6AI score0.00255EPSS
CVE
CVE
added 2021/07/19 4:0 p.m.58 views

CVE-2020-5031

CVE-2020-5031 concerns cross-site scripting in IBM Jazz Foundation and IBM Engineering products. Multiple connected sources describe that an attacker could embed arbitrary JavaScript in the Web UI, potentially altering functionality and leading to credentials disclosure within a trusted session. ...

5.4CVSS5.2AI score0.00495EPSS
CVE
CVE
added 2024/02/09 12:29 a.m.58 views

CVE-2023-45187

CVE-2023-45187 affects IBM Engineering Lifecycle Optimization - Publishing, with versions 7.0.2 and 7.0.3. The root cause is failure to invalidate the user session after logout, which could allow an authenticated user to impersonate another user on the system. NVD lists CVSSv3.1 base score 8.8 (H...

8.8CVSS8.1AI score0.00381EPSS
CVE
CVE
added 2021/10/27 4:0 p.m.56 views

CVE-2021-29673

The CVE-2021-29673 entry describes a cross-site scripting (XSS) vulnerability in IBM Jazz Team Server products, allowing an attacker to inject arbitrary JavaScript into the Web UI and potentially disclose credentials within a trusted session. Affected IBM Jazz components include CLM, DOORS Next, ...

5.4CVSS5.6AI score0.0048EPSS
CVE
CVE
added 2021/10/27 4:0 p.m.54 views

CVE-2021-29844

CVE-2021-29844 affects IBM Jazz Team Server family (including CLM, DOORS Next, ELM, EWM, RTC, and related IBM Engineering products). The vulnerability is a server-side request forgery (SSRF) due to insufficient validation of user input, enabling an authenticated attacker to cause the server to se...

8.8CVSS8.7AI score0.00573EPSS
CVE
CVE
added 2024/02/09 12:34 a.m.53 views

CVE-2023-45191

CVE-2023-45191 affects IBM Engineering Lifecycle Optimization Publishing (PUB) versions 7.0.2 and 7.0.3. Root cause is an inadequate account lockout setting, enabling a remote attacker to brute‑force credentials. This is supported by NVD/IBM listings with a CVSS v3.1 base score of 7.5 (HIGH) and ...

7.5CVSS7.2AI score0.00663EPSS
CVE
CVE
added 2021/10/27 4:0 p.m.52 views

CVE-2021-29786

CVE-2021-29786 describes an information-disclosure flaw in IBM Jazz Team Server products where user credentials are stored in plaintext and readable by an authenticated user. The vulnerability affects IBM Jazz Team Server family components (including CLM, ELM, DOORS Next, RTC, EWM, DOORS Next Gen...

6.5CVSS6.6AI score0.00544EPSS
CVE
CVE
added 2025/08/05 1:45 p.m.26 views

CVE-2024-52890

CVE-2024-52890 affects IBM Engineering Lifecycle Optimization - Publishing versions 7.0.2 and 7.0.3. The root cause is unvalidated URIs in the application, leading to cross-site scripting (CWE-84). The vulnerability is rated CVSS v3.1 base score 6.1 (Medium) with attack vector Network, no privile...

6.1CVSS5.9AI score0.00183EPSS