12 matches found
CVE-2021-39017
CVE-2021-39017 overview (IBM ELM Publishing) : The vulnerability arises from improper access controls in IBM Engineering Lifecycle Optimization - Publishing, allowing a remote attacker to upload arbitrary files. Affected versions are PUB 6.0.x and 7.0.x lines, including 6.0.6, 6.0.6.1, 7.0, 7.0.1...
CVE-2021-39015
IBM Engineering Lifecycle Optimization - Publishing is affected by CVE-2021-39015. The vulnerability is a cross-site scripting flaw in IBM Publishing 7.0, 7.0.1, and 7.0.2 caused by lack of data checksum filtering/output of user-supplied data, allowing arbitrary JavaScript in the Web UI and poten...
CVE-2024-41766
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 are affected by CVE-2024-41766. A remote attacker can cause a denial of service by supplying a complex regular expression, leading to high availability impact. Affected products and versions: PUB 7.0.2 and 7.0.3. Root cause: inef...
CVE-2021-39016
CVE-2021-39016 affects IBM Engineering Lifecycle Optimization - Publishing across multiple releases (PUB 7.0, 7.0.1, 7.0.2 and RPE 6.0.6, 6.0.6.1). The issue is inadequate monitoring/controlling of transmitted network traffic volume, allowing an actor to cause the software to transmit more traffi...
CVE-2021-39018
IBM Engineering Lifecycle Optimization - Publishing (Document Builder) contains a SQL injection-related information disclosure (CVE-2021-39018) affecting PUB 7.0, 7.0.1, 7.0.2 and RPE 6.0.6, 6.0.6.1. The root cause is missing UI validation in the Folder Name field, allowing sensitive data to be d...
CVE-2021-39028
CVE-2021-39028 affects IBM Engineering Lifecycle Optimization components: IBM Publishing versions 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 are vulnerable to HTTP header injection via improper HOST header validation, enabling possible cross-site scripting, cache poisoning, or session hijacking. IBM p...
CVE-2024-41763
IBM Engineering Lifecycle Optimization Publishing versions 7.0.2 and 7.0.3 are affected by a cryptographic weakness that could allow an attacker to decrypt highly sensitive information. The issue stems from weaker-than-expected cryptographic algorithms used in PUB, as described in multiple connec...
CVE-2024-41768
CVE-2024-41768 affects IBM Engineering Lifecycle Optimization - Publishing, versions 7.0.2 and 7.0.3. The root cause is improper SSL/TLS error handling that can cause an unhandled SSL exception, leaving a connection in an unexpected or insecure state. Public references confirm affected products/v...
CVE-2024-41767
CVE-2024-41767 affects IBM Engineering Lifecycle Optimization - Publishing versions 7.0.2 and 7.0.3. The issue is a SQL injection in the component that constructs SQL commands from externally-controlled input, enabling a remote attacker to view, add, modify, or delete records in the back-end data...
CVE-2024-41765
CVE-2024-41765 affects IBM Engineering Lifecycle Optimization - Publishing (PUB) versions 7.0.2 and 7.0.3. A path traversal vulnerability allows remote attackers to view arbitrary files by sending specially crafted URLs containing dot-dot sequences (/../). IBM’s bulletin specifies CWE-22 (Path Tr...
CVE-2021-39019
CVE-2021-39019 affects IBM Engineering Lifecycle Optimization – Publishing components (versions 6.0.6, 6.0.6.1, 7.0, 7.0.1, 7.0.2). The root cause is information disclosure via HTTP GET to an authenticated user, disclosing highly sensitive information. Connected sources confirm an HTTP GET-based ...
CVE-2023-45188
The CVE-2023-45188 issue affects IBM Engineering Lifecycle Optimization - Publishing, versions 7.0.2 and 7.0.3. Root cause: improper validation of file extensions allows a remote attacker to upload arbitrary files, which could lead to arbitrary code execution on the vulnerable system. Mitigations...