Lucene search
K
IbmEngineering Lifecycle Optimization - Engineering Insights

18 matches found

CVE
CVE
added 2021/06/02 8:40 p.m.77 views

CVE-2021-20346

CVE-2021-20346 affects IBM Jazz Foundation and IBM Engineering products, with a server-side request forgery (SSRF) flaw that could allow an authenticated attacker to send unauthorized requests from the system, potentially enabling network enumeration. The vulnerability is discussed across multipl...

5.5CVSS6AI score0.00504EPSS
CVE
CVE
added 2024/12/25 1:59 p.m.77 views

CVE-2024-39727

CVE-2024-39727 affects IBM Engineering Lifecycle Optimization components. The IBM bulletin describes that IBM Engineering Insights 7.0.2 and 7.0.3 use a web link with untrusted references to an external site, enabling a remote attacker to expose sensitive information or perform unauthorized actio...

9.8CVSS6.1AI score0.0034EPSS
CVE
CVE
added 2021/06/02 8:40 p.m.75 views

CVE-2021-20338

Summary: CVE-2021-20338 is a cross-site scripting vulnerability affecting IBM Jazz Foundation and IBM Engineering products, including IBM Engineering Test Management. Public disclosures reference a Web UI XSS that can allow an attacker to embed arbitrary JavaScript, potentially leading to credent...

5.4CVSS5.5AI score0.00495EPSS
CVE
CVE
added 2021/06/02 8:40 p.m.75 views

CVE-2021-20347

CVE-2021-20347 : IBM Jazz Foundation and IBM Engineering products are affected by a server-side request forgery (SSRF). The description notes authenticated attackers could cause the system to send unauthorized requests, enabling network enumeration or other attacks. The IBM bulletin (and CNVD/NVD...

5.5CVSS6AI score0.00504EPSS
CVE
CVE
added 2021/06/02 8:40 p.m.73 views

CVE-2020-4495

CVE-2020-4495 concerns IBM Jazz Foundation and IBM Engineering products where an improper access control in the REST API allows a remote attacker to bypass restrictions and perform arbitrary actions with administrative privileges. The vulnerability affects multiple IBM Engineering product lines (...

9CVSS8.7AI score0.02648EPSS
CVE
CVE
added 2021/06/02 8:40 p.m.72 views

CVE-2021-20343

CVE-2021-20343 describes a server-side request forgery (SSRF) vulnerability affecting IBM Jazz Foundation and multiple IBM Engineering products (e.g., DOORS Next, RDNG, PUB, RQM, ETM, CLM, ELM, ENI, RMM, RELM, RDM, etc.). The underlying issue enables an authenticated attacker to cause the system ...

5.5CVSS6AI score0.00504EPSS
CVE
CVE
added 2021/06/02 8:40 p.m.72 views

CVE-2021-20345

This CVE-2021-20345 describes a server-side request forgery (SSRF) vulnerability affecting IBM Jazz Foundation and IBM Engineering products. Affected components include DOORS Next, RDNG, PUB, RQM, ETM, CLM, ELM, RMM, RELM, ENI and related Deployments (versions listed in the Affected Products and ...

5.5CVSS6AI score0.00504EPSS
CVE
CVE
added 2021/06/02 8:40 p.m.72 views

CVE-2021-20371

CVE-2021-20371 describes an information-disclosure vulnerability in IBM Jazz Foundation and IBM Engineering products where error messages returned in the browser could reveal sensitive data. Affected products include IBM Jazz Foundation and Engineering Lifecycle Management suite (ELM) and related...

6.5CVSS6.5AI score0.01195EPSS
CVE
CVE
added 2021/06/02 8:40 p.m.71 views

CVE-2021-20348

CVE-2021-20348 describes a server-side request forgery (SSRF) affecting IBM Jazz Foundation and IBM Engineering products. An authenticated attacker could issue unauthorized requests from the system, enabling network enumeration or related abuse. Connected sources enumerate affected products (DOOR...

5.5CVSS6.1AI score0.00504EPSS
CVE
CVE
added 2021/06/02 8:40 p.m.69 views

CVE-2021-29670

CVE-2021-29670 is a cross-site scripting vulnerability affecting IBM Jazz Foundation and IBM Engineering products (including Engineering Insights, DOORS Next, RQM, ETM, EWM, ELN, etc.). The issue allows an attacker to embed arbitrary JavaScript in the Web UI, potentially altering functionality an...

5.4CVSS5.5AI score0.00495EPSS
CVE
CVE
added 2021/06/02 8:40 p.m.68 views

CVE-2021-29668

CVE-2021-29668 is a cross-site scripting (XSS) vulnerability affecting IBM Jazz Foundation and IBM Engineering products (ELM/DOORS Next/RQM/ETM/ENI/RMM/etc.). The WEB UI fails to validate user-supplied data, allowing an attacker to inject JavaScript and potentially disclose credentials within a t...

5.4CVSS5.5AI score0.00495EPSS
CVE
CVE
added 2021/06/02 8:40 p.m.67 views

CVE-2020-4977

Summary: CVE-2020-4977 is an stored cross-site scripting vulnerability in IBM Engineering Lifecycle Optimization - Publishing. The issue affects the Web UI where arbitrary JavaScript could be embedded, potentially leading to credentials disclosure within a trusted session. The problem is associat...

5.4CVSS5.4AI score0.00495EPSS
CVE
CVE
added 2021/06/02 8:40 p.m.65 views

CVE-2020-4732

CVE-2020-4732 is described in connected sources as an authorization-related information disclosure affecting IBM Engineering Test Management (ETM) and related IBM Jazz/Engineering products. The vulnerability allows an authenticated user to obtain sensitive information due to lack of security rest...

6.5CVSS6.5AI score0.00801EPSS
CVE
CVE
added 2021/06/02 8:40 p.m.65 views

CVE-2020-5030

CVE-2020-5030 is an XSS vulnerability in IBM Engineering Test Management (and IBM Jazz/Engineering platforms) affecting versions 7.0.0 and 7.0.1. The flaw allows an attacker to inject arbitrary JavaScript into the Web UI, potentially exposing credentials within a trusted session. The issue is doc...

5.4CVSS5.5AI score0.00495EPSS
CVE
CVE
added 2024/12/25 1:56 p.m.59 views

CVE-2024-39725

CVE-2024-39725 affects IBM Engineering Lifecycle Optimization – Engineering Insights (DOORS Next family): versions 7.0.2 and 7.0.3 are susceptible to information exposure via detailed error messages returned in the browser, enabling a remote attacker to view sensitive data. The IBM bulletin also ...

5.3CVSS5AI score0.00366EPSS
CVE
CVE
added 2024/11/15 4:13 p.m.56 views

CVE-2024-39726

Summary: IBM Engineering Lifecycle Optimization – Engineering Insights vulnerable to XML External Entity Injection (XXE). Affected: DOORS Next/ENI components 7.0.2 and 7.0.3 (and 7.1.0 per bulletin) processing XML data. Root cause: improper handling of XML entities leading to potential data expos...

8.2CVSS8.2AI score0.00679EPSS
CVE
CVE
added 2021/07/28 12:25 p.m.52 views

CVE-2020-5004

CVE-2020-5004 is a cross-site scripting vulnerability in IBM Jazz Foundation Web UI that could allow an attacker to embed arbitrary JavaScript and potentially disclose credentials in a trusted session. The issue affects IBM Jazz Foundation–based products (as listed in IBM advisories) and is refle...

5.4CVSS5.3AI score0.00495EPSS
CVE
CVE
added 2021/07/28 12:25 p.m.51 views

CVE-2020-4974

CVE-2020-4974 affects IBM Jazz Foundation and multiple IBM Engineering products (EWM, DOORS Next, RTC, RDNG, RQM, ELN/ENI/RELM/ELM, etc.). The vulnerability is Server-Side Request Forgery (SSRF) that an authenticated attacker could exploit to cause the system to send unauthorized requests, enabli...

6.5CVSS6.3AI score0.00598EPSS