Lucene search
IBM Engineering Lifecycle Optimization - Publishing

28 matches found

CVE | added 2021/06/02 8:40 p.m. | 77 views

CVE-2021-20346

CVE-2021-20346 affects IBM Jazz Foundation and IBM Engineering products, with a server-side request forgery (SSRF) flaw that could allow an authenticated attacker to send unauthorized requests from the system, potentially enabling network enumeration. The vulnerability is discussed across multipl...

5.5 CVSS | 6 AI score | 0.00504 EPSS

CVE | added 2021/06/02 8:40 p.m. | 75 views

CVE-2021-20347

CVE-2021-20347: IBM Jazz Foundation and IBM Engineering products are affected by a server-side request forgery (SSRF). The description notes authenticated attackers could cause the system to send unauthorized requests, enabling network enumeration or other attacks. The IBM bulletin (and CNVD/NVD...

5.5 CVSS | 6 AI score | 0.00504 EPSS

CVE | added 2021/06/02 8:40 p.m. | 74 views

CVE-2021-20338

Summary: CVE-2021-20338 is a cross-site scripting vulnerability affecting IBM Jazz Foundation and IBM Engineering products, including IBM Engineering Test Management. Public disclosures reference a Web UI XSS that can allow an attacker to embed arbitrary JavaScript, potentially leading to credent...

5.4 CVSS | 5.5 AI score | 0.00495 EPSS

CVE | added 2021/06/02 8:40 p.m. | 73 views

CVE-2020-4495

CVE-2020-4495 concerns IBM Jazz Foundation and IBM Engineering products where an improper access control in the REST API allows a remote attacker to bypass restrictions and perform arbitrary actions with administrative privileges. The vulnerability affects multiple IBM Engineering product lines (...

9 CVSS | 8.7 AI score | 0.02648 EPSS

CVE | added 2021/06/02 8:40 p.m. | 72 views

CVE-2021-20343

CVE-2021-20343 describes a server-side request forgery (SSRF) vulnerability affecting IBM Jazz Foundation and multiple IBM Engineering products (e.g., DOORS Next, RDNG, PUB, RQM, ETM, CLM, ELM, ENI, RMM, RELM, RDM, etc.). The underlying issue enables an authenticated attacker to cause the system ...

5.5 CVSS | 6 AI score | 0.00504 EPSS

CVE | added 2021/06/02 8:40 p.m. | 72 views

CVE-2021-20345

CVE-2021-20345 describes a server-side request forgery (SSRF) vulnerability affecting IBM Jazz Foundation and IBM Engineering products. Affected components include DOORS Next, RDNG, PUB, RQM, ETM, CLM, ELM, RMM, RELM, ENI and related deployments (versions listed in the Affected Products and ...

5.5 CVSS | 6 AI score | 0.00504 EPSS

CVE | added 2021/06/02 8:40 p.m. | 72 views

CVE-2021-20371

CVE-2021-20371 describes an information-disclosure vulnerability in IBM Jazz Foundation and IBM Engineering products where error messages returned in the browser could reveal sensitive data. Affected products include IBM Jazz Foundation and Engineering Lifecycle Management suite (ELM) and related...

6.5 CVSS | 6.5 AI score | 0.01195 EPSS

CVE | added 2022/07/14 4:15 p.m. | 72 views

CVE-2021-39017

CVE-2021-39017 overview (IBM ELM Publishing): The vulnerability arises from improper access controls in IBM Engineering Lifecycle Optimization - Publishing, allowing a remote attacker to upload arbitrary files. Affected versions are PUB 6.0.x and 7.0.x lines, including 6.0.6, 6.0.6.1, 7.0, 7.0.1...

6.5 CVSS | 6.3 AI score | 0.00773 EPSS

CVE | added 2021/06/02 8:40 p.m. | 71 views

CVE-2021-20348

CVE-2021-20348 describes a server-side request forgery (SSRF) affecting IBM Jazz Foundation and IBM Engineering products. An authenticated attacker could issue unauthorized requests from the system, enabling network enumeration or related abuse. Connected sources enumerate affected products (DOOR...

5.5 CVSS | 6.1 AI score | 0.00504 EPSS

CVE | added 2022/07/14 4:15 p.m. | 71 views

CVE-2021-39015

IBM Engineering Lifecycle Optimization - Publishing is affected by CVE-2021-39015. The vulnerability is a cross-site scripting flaw in IBM Publishing 7.0, 7.0.1, and 7.0.2 caused by lack of data checksum filtering/output of user-supplied data, allowing arbitrary JavaScript in the Web UI and poten...

5.4 CVSS | 5.2 AI score | 0.00421 EPSS

CVE | added 2021/06/02 8:40 p.m. | 69 views

CVE-2021-29670

CVE-2021-29670 is a cross-site scripting vulnerability affecting IBM Jazz Foundation and IBM Engineering products (including Engineering Insights, DOORS Next, RQM, ETM, EWM, ELN, etc.). The issue allows an attacker to embed arbitrary JavaScript in the Web UI, potentially altering functionality an...

5.4 CVSS | 5.5 AI score | 0.00495 EPSS

CVE | added 2021/06/02 8:40 p.m. | 68 views

CVE-2021-29668

CVE-2021-29668 is a cross-site scripting (XSS) vulnerability affecting IBM Jazz Foundation and IBM Engineering products (ELM/DOORS Next/RQM/ETM/ENI/RMM/etc.). The Web UI fails to validate user-supplied data, allowing an attacker to inject JavaScript and potentially disclose credentials within a t...

5.4 CVSS | 5.5 AI score | 0.00495 EPSS

CVE | added 2022/07/14 4:15 p.m. | 68 views

CVE-2021-39016

CVE-2021-39016 affects IBM Engineering Lifecycle Optimization - Publishing across multiple releases (PUB 7.0, 7.0.1, 7.0.2 and RPE 6.0.6, 6.0.6.1). The issue is inadequate monitoring/controlling of transmitted network traffic volume, allowing an actor to cause the software to transmit more traffi...

4.3 CVSS | 4.5 AI score | 0.00496 EPSS

CVE | added 2022/07/14 4:15 p.m. | 67 views

CVE-2021-39018

IBM Engineering Lifecycle Optimization - Publishing (Document Builder) contains a SQL injection-related information disclosure (CVE-2021-39018) affecting PUB 7.0, 7.0.1, 7.0.2 and RPE 6.0.6, 6.0.6.1. The root cause is missing UI validation in the Folder Name field, allowing sensitive data to be d...

4.3 CVSS | 4.5 AI score | 0.00547 EPSS

CVE | added 2021/06/02 8:40 p.m. | 66 views

CVE-2020-4977

Summary: CVE-2020-4977 is a stored cross-site scripting vulnerability in IBM Engineering Lifecycle Optimization - Publishing. The issue affects the Web UI where arbitrary JavaScript could be embedded, potentially leading to credentials disclosure within a trusted session. The problem is associat...

5.4 CVSS | 5.4 AI score | 0.00495 EPSS

CVE | added 2021/06/02 8:40 p.m. | 65 views

CVE-2020-4732

CVE-2020-4732 is described in connected sources as an authorization-related information disclosure affecting IBM Engineering Test Management (ETM) and related IBM Jazz/Engineering products. The vulnerability allows an authenticated user to obtain sensitive information due to lack of security rest...

6.5 CVSS | 6.5 AI score | 0.00801 EPSS

CVE | added 2021/06/02 8:40 p.m. | 65 views

CVE-2020-5030

CVE-2020-5030 is an XSS vulnerability in IBM Engineering Test Management (and IBM Jazz/Engineering platforms) affecting versions 7.0.0 and 7.0.1. The flaw allows an attacker to inject arbitrary JavaScript into the Web UI, potentially exposing credentials within a trusted session. The issue is doc...

5.4 CVSS | 5.5 AI score | 0.00495 EPSS

CVE | added 2022/07/14 4:15 p.m. | 62 views

CVE-2021-39028

CVE-2021-39028 affects IBM Engineering Lifecycle Optimization components: IBM Publishing versions 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 are vulnerable to HTTP header injection via improper HOST header validation, enabling possible cross-site scripting, cache poisoning, or session hijacking. IBM p...

5.4 CVSS | 5.2 AI score | 0.00421 EPSS

CVE | added 2016/08/08 1:00 a.m. | 54 views

CVE-2016-2914

CVE-2016-2914 affects IBM Rational Publishing Engine’s Document Builder in version 2.0.1 before ifix002. The issue is an unrestricted file upload caused by improper validation of file extensions, allowing a remote authenticated attacker to upload a malicious file and potentially execute code on t...

5.5 CVSS | 5.8 AI score | 0.01281 EPSS

CVE | added 2016/08/08 1:00 a.m. | 53 views

CVE-2016-2912

CVE-2016-2912 is associated with IBM Rational Publishing Engine (RPENG) – Document Builder. The IBM Security Bulletin states that RPENG 2.0.1 before ifix002 is vulnerable to cross‑site scripting: a remote authenticated attacker can inject arbitrary script/HTML via a crafted URL due to insufficien...

5.4 CVSS | 4.9 AI score | 0.00615 EPSS

CVE | added 2020/02/12 4:10 p.m. | 51 views

CVE-2019-4431

IBM Rational Publishing Engine (RPE) versions 6.0.6 and 6.0.6.1 are affected by a cross-site scripting vulnerability in the Web UI, allowing attackers to inject arbitrary JavaScript and potentially disclose credentials in a trusted session. Root cause: Web UI XSS; impact as described in CVE-2019-...

5.4 CVSS | 5.4 AI score | 0.00561 EPSS

CVE | added 2019/01/04 3:00 p.m. | 50 views

CVE-2018-1951

The CVE applies to IBM Publishing Engine versions 2.1.2, 6.0.5, and 6.0.6, where a cross‑site scripting vulnerability could allow injection of arbitrary JavaScript into the Web UI, potentially leading to credentials disclosure within a trusted session. The CVSS v3.0 base score is 5.4 (MEDIUM), wi...

5.4 CVSS | 5.2 AI score | 0.00968 EPSS

CVE | added 2022/07/14 4:15 p.m. | 50 views

CVE-2021-39019

CVE-2021-39019 affects IBM Engineering Lifecycle Optimization – Publishing components (versions 6.0.6, 6.0.6.1, 7.0, 7.0.1, 7.0.2). The root cause is information disclosure via HTTP GET to an authenticated user, disclosing highly sensitive information. Connected sources confirm an HTTP GET-based ...

6.5 CVSS | 6 AI score | 0.00705 EPSS

CVE | added 2020/07/16 3:05 p.m. | 47 views

CVE-2020-4316

IBM Publishing Engine is affected by CVE-2020-4316 due to not setting the secure attribute on authorization tokens and session cookies. Impact: cookies may be exposed when a user visits an http link or a site embedding it, allowing eavesdropping of cookie values. Affected versions: IBM Publishing...

4.7 CVSS | 4.3 AI score | 0.01172 EPSS

CVE | added 2018/03/02 5:00 p.m. | 45 views

CVE-2017-1787

The CVE-2017-1787 entry concerns IBM Publishing Engine versions 2.1.2 and 6.0.5 with an undisclosed vulnerability that could allow a local administrator to obtain hard-coded credentials. Affected products: Rational Publishing Engine 2.1.2 and 6.0.5. Root cause/impact: local privilege and credenti...

6.7 CVSS | 6.2 AI score | 0.00367 EPSS

CVE | added 2018/10/12 12:00 p.m. | 45 views

CVE-2018-1533

IBM Rational Publishing Engine versions 6.0.5 and 6.0.6 are affected by a cross-site scripting vulnerability that lets an attacker embed arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. Affected products/versions: Rational Publishing Engi...

5.4 CVSS | 5.2 AI score | 0.0066 EPSS

CVE | added 2019/01/04 3:00 p.m. | 41 views

CVE-2018-1657

IBM Publishing Engine versions 2.1.2, 6.0.5, and 6.0.6 are vulnerable to cross-site scripting (CWE) via the Web UI, allowing an attacker to embed arbitrary JavaScript and potentially disclose credentials in a trusted session. Remediation provided by IBM bulletin includes upgrading to later ifix p...

5.4 CVSS | 5.2 AI score | 0.00968 EPSS

CVE | added 2018/10/12 12:00 p.m. | 38 views

CVE-2018-1534

IBM Rational Publishing Engine 6.0.5 and 6.0.6 are affected by a cross-site scripting (XSS) vulnerability in the Web UI that can let an attacker inject arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. The issue is tied to the Rational Publishing Engine...

5.4 CVSS | 5.2 AI score | 0.0066 EPSS