Lucene search
K
IbmEngineering Lifecycle Optimization Publishing

12 matches found

CVE
CVE
added 2022/07/14 4:15 p.m.73 views

CVE-2021-39017

CVE-2021-39017 overview (IBM ELM Publishing) : The vulnerability arises from improper access controls in IBM Engineering Lifecycle Optimization - Publishing, allowing a remote attacker to upload arbitrary files. Affected versions are PUB 6.0.x and 7.0.x lines, including 6.0.6, 6.0.6.1, 7.0, 7.0.1...

6.5CVSS6.3AI score0.00773EPSS
CVE
CVE
added 2022/07/14 4:15 p.m.71 views

CVE-2021-39015

IBM Engineering Lifecycle Optimization - Publishing is affected by CVE-2021-39015. The vulnerability is a cross-site scripting flaw in IBM Publishing 7.0, 7.0.1, and 7.0.2 caused by lack of data checksum filtering/output of user-supplied data, allowing arbitrary JavaScript in the Web UI and poten...

5.4CVSS5.2AI score0.00421EPSS
CVE
CVE
added 2025/01/04 2:37 p.m.70 views

CVE-2024-41766

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 are affected by CVE-2024-41766. A remote attacker can cause a denial of service by supplying a complex regular expression, leading to high availability impact. Affected products and versions: PUB 7.0.2 and 7.0.3. Root cause: inef...

7.5CVSS7.4AI score0.00469EPSS
CVE
CVE
added 2022/07/14 4:15 p.m.68 views

CVE-2021-39016

CVE-2021-39016 affects IBM Engineering Lifecycle Optimization - Publishing across multiple releases (PUB 7.0, 7.0.1, 7.0.2 and RPE 6.0.6, 6.0.6.1). The issue is inadequate monitoring/controlling of transmitted network traffic volume, allowing an actor to cause the software to transmit more traffi...

4.3CVSS4.5AI score0.00496EPSS
CVE
CVE
added 2022/07/14 4:15 p.m.68 views

CVE-2021-39018

IBM Engineering Lifecycle Optimization - Publishing (Document Builder) contains a SQL injection-related information disclosure (CVE-2021-39018) affecting PUB 7.0, 7.0.1, 7.0.2 and RPE 6.0.6, 6.0.6.1. The root cause is missing UI validation in the Folder Name field, allowing sensitive data to be d...

4.3CVSS4.5AI score0.00547EPSS
CVE
CVE
added 2022/07/14 4:15 p.m.62 views

CVE-2021-39028

CVE-2021-39028 affects IBM Engineering Lifecycle Optimization components: IBM Publishing versions 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 are vulnerable to HTTP header injection via improper HOST header validation, enabling possible cross-site scripting, cache poisoning, or session hijacking. IBM p...

5.4CVSS5.2AI score0.00421EPSS
CVE
CVE
added 2025/01/04 2:38 p.m.59 views

CVE-2024-41763

IBM Engineering Lifecycle Optimization Publishing versions 7.0.2 and 7.0.3 are affected by a cryptographic weakness that could allow an attacker to decrypt highly sensitive information. The issue stems from weaker-than-expected cryptographic algorithms used in PUB, as described in multiple connec...

7.5CVSS5.6AI score0.00198EPSS
CVE
CVE
added 2025/01/04 2:26 p.m.57 views

CVE-2024-41768

CVE-2024-41768 affects IBM Engineering Lifecycle Optimization - Publishing, versions 7.0.2 and 7.0.3. The root cause is improper SSL/TLS error handling that can cause an unhandled SSL exception, leaving a connection in an unexpected or insecure state. Public references confirm affected products/v...

6.5CVSS6.3AI score0.00401EPSS
CVE
CVE
added 2025/01/04 2:27 p.m.56 views

CVE-2024-41767

CVE-2024-41767 affects IBM Engineering Lifecycle Optimization - Publishing versions 7.0.2 and 7.0.3. The issue is a SQL injection in the component that constructs SQL commands from externally-controlled input, enabling a remote attacker to view, add, modify, or delete records in the back-end data...

7.3CVSS7.4AI score0.00308EPSS
CVE
CVE
added 2025/01/04 2:36 p.m.53 views

CVE-2024-41765

CVE-2024-41765 affects IBM Engineering Lifecycle Optimization - Publishing (PUB) versions 7.0.2 and 7.0.3. A path traversal vulnerability allows remote attackers to view arbitrary files by sending specially crafted URLs containing dot-dot sequences (/../). IBM’s bulletin specifies CWE-22 (Path Tr...

6.5CVSS6.4AI score0.00587EPSS
CVE
CVE
added 2022/07/14 4:15 p.m.50 views

CVE-2021-39019

CVE-2021-39019 affects IBM Engineering Lifecycle Optimization – Publishing components (versions 6.0.6, 6.0.6.1, 7.0, 7.0.1, 7.0.2). The root cause is information disclosure via HTTP GET to an authenticated user, disclosing highly sensitive information. Connected sources confirm an HTTP GET-based ...

6.5CVSS6AI score0.00705EPSS
CVE
CVE
added 2024/06/09 12:15 p.m.48 views

CVE-2023-45188

The CVE-2023-45188 issue affects IBM Engineering Lifecycle Optimization - Publishing, versions 7.0.2 and 7.0.3. Root cause: improper validation of file extensions allows a remote attacker to upload arbitrary files, which could lead to arbitrary code execution on the vulnerable system. Mitigations...

9.8CVSS6.8AI score0.00651EPSS