11 matches found
CVE-2021-20507
The CVE-2021-20507 entry affects IBM Jazz Foundation and IBM Engineering products, where a cross-site scripting flaw allows embedding arbitrary JavaScript in the Web UI, potentially exposing credentials within a trusted session. The vulnerability centers on Web UI script execution enabled by the ...
CVE-2021-29713
CVE-2021-29713 affects IBM Jazz Team Server and related IBM Engineering Lifecycle Management components. The vulnerability is a cross-site scripting (XSS) flaw in the Web UI that could allow an attacker to embed arbitrary JavaScript, potentially leading to credential disclosure within a trusted s...
CVE-2021-29774
Summary: CVE-2021-29774 affects IBM Jazz Team Server family (including CLM, ELM, DOORS Next, RTC, EWM, Rhapsody) where an authenticated user could obtain elevated privileges under certain configurations. The root cause is insufficient validation of user privileges, enabling privilege escalation w...
CVE-2023-45190
CVE-2023-45190 affects IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3. The issue is HTTP header injection caused by improper validation of HOST headers, which can enable cross-site scripting, cache poisoning, or session hijacking. Public details consistently cite this vulnerability with t...
CVE-2020-5031
CVE-2020-5031 concerns cross-site scripting in IBM Jazz Foundation and IBM Engineering products. Multiple connected sources describe that an attacker could embed arbitrary JavaScript in the Web UI, potentially altering functionality and leading to credentials disclosure within a trusted session. ...
CVE-2023-45187
CVE-2023-45187 affects IBM Engineering Lifecycle Optimization - Publishing, with versions 7.0.2 and 7.0.3. The root cause is failure to invalidate the user session after logout, which could allow an authenticated user to impersonate another user on the system. NVD lists CVSSv3.1 base score 8.8 (H...
CVE-2021-29673
The CVE-2021-29673 entry describes a cross-site scripting (XSS) vulnerability in IBM Jazz Team Server products, allowing an attacker to inject arbitrary JavaScript into the Web UI and potentially disclose credentials within a trusted session. Affected IBM Jazz components include CLM, DOORS Next, ...
CVE-2021-29844
CVE-2021-29844 affects IBM Jazz Team Server family (including CLM, DOORS Next, ELM, EWM, RTC, and related IBM Engineering products). The vulnerability is a server-side request forgery (SSRF) due to insufficient validation of user input, enabling an authenticated attacker to cause the server to se...
CVE-2023-45191
CVE-2023-45191 affects IBM Engineering Lifecycle Optimization Publishing (PUB) versions 7.0.2 and 7.0.3. Root cause is an inadequate account lockout setting, enabling a remote attacker to brute‑force credentials. This is supported by NVD/IBM listings with a CVSS v3.1 base score of 7.5 (HIGH) and ...
CVE-2021-29786
CVE-2021-29786 describes an information-disclosure flaw in IBM Jazz Team Server products where user credentials are stored in plaintext and readable by an authenticated user. The vulnerability affects IBM Jazz Team Server family components (including CLM, ELM, DOORS Next, RTC, EWM, DOORS Next Gen...
CVE-2024-52890
CVE-2024-52890 affects IBM Engineering Lifecycle Optimization - Publishing versions 7.0.2 and 7.0.3. The root cause is unvalidated URIs in the application, leading to cross-site scripting (CWE-84). The vulnerability is rated CVSS v3.1 base score 6.1 (Medium) with attack vector Network, no privile...