45 matches found
CVE-2020-4697
CVE-2020-4697 is a cross-site scripting vulnerability in IBM Jazz Foundation and related IBM Engineering products (notably IBM Engineering Workflow Management). The Web UI can be affected by an attacker embedding arbitrary JavaScript, potentially leading to credentials disclosure within a trusted...
CVE-2020-4544
CVE-2020-4544 describes an information-disclosure vulnerability in IBM Jazz Foundation where a remote attacker could obtain sensitive data from detailed technical error messages returned by the browser. The issue affects IBM Jazz Foundation products within the IBM Engineering Lifecycle Manage...
CVE-2020-4733
The CVE-2020-4733 entry corresponds to a cross-site scripting vulnerability in IBM Jazz Foundation/Engineering products (IBM Engineering Test Management and related Web UI components). The IBM Security Bulletin lists affected products and versions, noting that an attacker could embed arbitrary Ja...
CVE-2020-4487
Summary: The CVE-2020-4487 issue affects IBM Jazz Foundation and related IBM Engineering Lifecycle Management products (e.g., ELM, DOORS Next, ENI, EWM, RTC, RMM, RDM, RQM, ELN) where a remote attacker could obtain sensitive information from a detailed technical error message returned by a browse...
CVE-2021-20346
CVE-2021-20346 affects IBM Jazz Foundation and IBM Engineering products, with a server-side request forgery (SSRF) flaw that could allow an authenticated attacker to send unauthorized requests from the system, potentially enabling network enumeration. The vulnerability is discussed across multipl...
CVE-2020-4691
CVE-2020-4691 is an XSS vulnerability in IBM Jazz Foundation products (and related IBM Engineering Workflow Management components) where an attacker could embed arbitrary JavaScript in the Web UI, potentially exposing credentials in a trusted session. The connected IBM security bulletin lists aff...
CVE-2021-20347
CVE-2021-20347: IBM Jazz Foundation and IBM Engineering products are affected by a server-side request forgery (SSRF). The description notes authenticated attackers could cause the system to send unauthorized requests, enabling network enumeration or other attacks. The IBM bulletin (and CNVD/NVD...
CVE-2021-20338
Summary: CVE-2021-20338 is a cross-site scripting vulnerability affecting IBM Jazz Foundation and IBM Engineering products, including IBM Engineering Test Management. Public disclosures reference a Web UI XSS that can allow an attacker to embed arbitrary JavaScript, potentially leading to credent...
CVE-2020-4495
CVE-2020-4495 concerns IBM Jazz Foundation and IBM Engineering products where an improper access control in the REST API allows a remote attacker to bypass restrictions and perform arbitrary actions with administrative privileges. The vulnerability affects multiple IBM Engineering product lines (...
CVE-2021-20343
CVE-2021-20343 describes a server-side request forgery (SSRF) vulnerability affecting IBM Jazz Foundation and multiple IBM Engineering products (e.g., DOORS Next, RDNG, PUB, RQM, ETM, CLM, ELM, ENI, RMM, RELM, RDM, etc.). The underlying issue enables an authenticated attacker to cause the system ...
CVE-2021-20345
CVE-2021-20345 describes a server-side request forgery (SSRF) vulnerability affecting IBM Jazz Foundation and IBM Engineering products. Affected components include DOORS Next, RDNG, PUB, RQM, ETM, CLM, ELM, RMM, RELM, ENI and related deployments (versions listed in the Affected Products and ...
CVE-2021-20348
CVE-2021-20348 describes a server-side request forgery (SSRF) affecting IBM Jazz Foundation and IBM Engineering products. An authenticated attacker could issue unauthorized requests from the system, enabling network enumeration or related abuse. Connected sources enumerate affected products (DOOR...
CVE-2021-20371
CVE-2021-20371 describes an information-disclosure vulnerability in IBM Jazz Foundation and IBM Engineering products where error messages returned in the browser could reveal sensitive data. Affected products include IBM Jazz Foundation and Engineering Lifecycle Management suite (ELM) and related...
CVE-2021-29670
CVE-2021-29670 is a cross-site scripting vulnerability affecting IBM Jazz Foundation and IBM Engineering products (including Engineering Insights, DOORS Next, RQM, ETM, EWM, ELN, etc.). The issue allows an attacker to embed arbitrary JavaScript in the Web UI, potentially altering functionality an...
CVE-2021-29668
CVE-2021-29668 is a cross-site scripting (XSS) vulnerability affecting IBM Jazz Foundation and IBM Engineering products (ELM/DOORS Next/RQM/ETM/ENI/RMM/etc.). The Web UI fails to validate user-supplied data, allowing an attacker to inject JavaScript and potentially disclose credentials within a t...
CVE-2023-43054
CVE-2023-43054 affects IBM Engineering Test Management (ETM) 7.0.2 and 7.0.3. The flaw is a stored cross‑site scripting (XSS) vulnerability in the Web UI that lets an attacker embed arbitrary JavaScript, potentially altering functionality and leading to credentials disclosure within a trusted ses...
CVE-2021-38934
IBM Engineering Test Management is vulnerable to cross-site scripting in the Web UI due to unencoded custom values for Execution States on ETM 7.0, 7.0.1, and 7.0.2 (impacting items shown on TCER pages). Exploitation could allow arbitrary JavaScript in a trusted session, potentially leading to cr...
CVE-2020-4977
Summary: CVE-2020-4977 is a stored cross-site scripting vulnerability in IBM Engineering Lifecycle Optimization - Publishing. The issue affects the Web UI where arbitrary JavaScript could be embedded, potentially leading to credentials disclosure within a trusted session. The problem is associat...
CVE-2020-4445
CVE-2020-4445 affects IBM Jazz Team Server based applications with a cross-site scripting vulnerability in the Web UI. The issue enables embedding arbitrary JavaScript in the Web UI, potentially leading to credential disclosure within a trusted session. The vulnerability is identified across mult...
CVE-2020-4732
CVE-2020-4732 is described in connected sources as an authorization-related information disclosure affecting IBM Engineering Test Management (ETM) and related IBM Jazz/Engineering products. The vulnerability allows an authenticated user to obtain sensitive information due to lack of security rest...
CVE-2020-5030
CVE-2020-5030 is an XSS vulnerability in IBM Engineering Test Management (and IBM Jazz/Engineering platforms) affecting versions 7.0.0 and 7.0.1. The flaw allows an attacker to inject arbitrary JavaScript into the Web UI, potentially exposing credentials within a trusted session. The issue is doc...
CVE-2020-4856
CVE-2020-4856 is a stored cross-site scripting vulnerability in IBM Engineering products, notably IBM Engineering DOORS Next (and related ELN/LRM/RQM/EWM/RTC families). The Web UI can embed arbitrary JavaScript, potentially altering functionality and leading to credentials disclosure within a tru...
CVE-2021-20357
CVE-2021-20357 affects IBM Jazz Foundation products with a cross-site scripting vulnerability in the Web UI that could allow an attacker to embed arbitrary JavaScript and, in a trusted session, potentially disclose credentials. Connected sources corroborate a Web UI XSS across multiple IBM Jazz/F...
CVE-2020-4522
IBM Jazz Team Server based Applications are affected by a cross-site scripting vulnerability (CVE-2020-4522) in the Web UI, potentially enabling an attacker to inject arbitrary JavaScript and cause credentials disclosure within a trusted session. Affected products include IBM Engineering DOORS Ne...
CVE-2021-20351
CVE-2021-20351 describes a cross-site scripting vulnerability in IBM Engineering products, allowing attackers to inject arbitrary JavaScript via the Web UI and potentially disclose credentials within a trusted session. The issue affects multiple IBM Engineering products in the Engineering Lifecyc...
CVE-2021-20350
CVE-2021-20350 affects IBM Engineering products, notably the IBM Engineering Requirements Quality Assistant (and related EL/DOORS/RQM/EWM components). The vulnerability is a cross-site scripting flaw in the Web UI that could allow an attacker to inject arbitrary JavaScript, potentially leading to...
CVE-2020-4857
CVE-2020-4857 is a stored cross-site scripting vulnerability affecting IBM Engineering products (DOORS Next, RDNG, EWM, RTC, ETM, RQM, RQA On-Prem, and related components). The root cause is improper sanitization in the Web UI that allows an attacker to embed arbitrary JavaScript in the browser, ...
CVE-2020-4866
CVE-2020-4866 is an IBM Engineering-related cross-site scripting vulnerability affecting multiple IBM Jazz Team Server family products (e.g., EWM, DOORS Next, RDNG, RTC, RQM, GCM, ETM, RQM, EWM, etc.). The issue targets the Web UI, enabling an attacker to embed arbitrary JavaScript and potentiall...
CVE-2021-20340
CVE-2021-20340 affects IBM Engineering products including Engineering Test Management (ETM), DOORS Next, RDNG, EWM, RTC, and related IBM Jazz-based tooling. The vulnerability is a cross-site scripting flaw in the Web UI that could allow an attacker to embed arbitrary JavaScript, potentially leadi...
CVE-2021-20519
CVE-2021-20519 affects IBM Jazz Team Server products with a cross-site scripting flaw in the Web UI that can allow attackers to embed arbitrary JavaScript and potentially disclose credentials in a trusted session. Public details consistently describe the impact as UI manipulation and credential e...
CVE-2020-4865
CVE-2020-4865 is a cross-site scripting vulnerability in IBM Jazz Foundation products (notably IBM Engineering Workflow Management and related IBM Jazz Team Server components) where attackers could inject arbitrary JavaScript into the Web UI, potentially leaking credentials within a trusted sessi...
CVE-2019-4748
CVE-2019-4748 affects IBM Jazz Team Server based Applications. The vulnerability is a cross-site scripting issue in the Web UI that could allow an attacker to inject arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. The IBM Security Bulletin lists multi...
CVE-2020-4863
CVE-2020-4863 affects IBM Engineering products (e.g., RDNG, DOORS Next, EWM, ETM, RQM, RTC and related IBM Jazz-based apps). The issue is a stored cross-site scripting in the Web UI that could lead to credentials disclosure in a trusted session. Affected versions span multiple 6.0.x–7.0.x release...
CVE-2020-4920
CVE-2020-4920 affects IBM Jazz Team Server. Public details in connected CNVD/NVD entries describe a stored cross-site scripting vulnerability in the Jazz Team Server Web UI that can lead to credential disclosure within a trusted session. Remediation in the IBM bulletin section recommends upgradin...
CVE-2020-4965
CVE-2020-4965 affects IBM Jazz Team Server / Jazz Foundation (IBM Engineering Lifecycle Management). The vulnerability stems from weaker-than-expected cryptographic algorithms that could allow decrypting highly sensitive information. Public scoring varies: CVSSv3.1 base 7.5 (Network, High impact ...
CVE-2020-4975
CVE-2020-4975 is an XSS vulnerability in IBM Engineering products (ELM family) where unauthenticated web UI inputs can inject arbitrary JavaScript, potentially exposing credentials within a trusted session. Affected products/versions include RDNG (6.0.2, 6.0.6.1/6.0.6/6.0.2), DOORS Next (7.0, 7.0...
CVE-2020-5004
CVE-2020-5004 is a cross-site scripting vulnerability in IBM Jazz Foundation Web UI that could allow an attacker to embed arbitrary JavaScript and potentially disclose credentials in a trusted session. The issue affects IBM Jazz Foundation–based products (as listed in IBM advisories) and is refle...
CVE-2020-4855
The CVE-2020-4855 issue affects IBM Jazz Foundation products and is a cross-site scripting vulnerability in the Web UI that could enable an attacker to inject arbitrary JavaScript and potentially disclose credentials in a trusted session. Affected components include IBM Jazz Team Server family (E...
CVE-2020-4974
CVE-2020-4974 affects IBM Jazz Foundation and multiple IBM Engineering products (EWM, DOORS Next, RTC, RDNG, RQM, ELN/ENI/RELM/ELM, etc.). The vulnerability is Server-Side Request Forgery (SSRF) that an authenticated attacker could exploit to cause the system to send unauthorized requests, enabli...
CVE-2020-4524
CVE-2020-4524 concerns an IBM Jazz Foundation cross-site scripting vulnerability in the Web UI that can allow embedding arbitrary JavaScript and potentially disclose credentials within a trusted session. The issue affects IBM Jazz Foundation family products (and related IBM ELM/RTC/RM components)...
CVE-2020-4964
CVE-2020-4964 affects IBM Jazz Team Server and related IBM Engineering Lifecycle Management components. The vulnerability is described as an undisclosed issue allowing an authenticated user to display a customized message within the application to phish other users. Public details from IBM’s bull...
CVE-2020-4546
CVE-2020-4546 is an XSS vulnerability in IBM Jazz Team Server Web UI affecting multiple Jazz-based applications (ELM, DOORS Next, ENI, EWM, RQM, CLM, etc.). The root cause is arbitrary JavaScript/HTML injection in the Web UI, enabling credential exposure within a trusted session. The IBM security...
CVE-2020-4547
IBM Jazz Foundation products are affected by CVE-2020-4547, a remote, click-hijacking vulnerability where users are tricked into visiting a malicious site, enabling an attacker to hijack the victim’s clicking actions and potentially launch further attacks. Affected stack spans IBM Jazz Team Serv...
CVE-2020-4396
CVE-2020-4396 affects IBM Jazz Foundation and IBM Engineering products; a cross-site scripting flaw in the Web UI could allow embedding arbitrary JavaScript and potentially disclose credentials within a trusted session. The IBM bulletin lists multiple affected apps (RQM, ETM, EWM, DOORS Next, etc...
CVE-2020-4410
CVE-2020-4410 affects IBM Jazz Foundation and IBM Engineering products, enabling an authenticated user to read attachments they should not access via a specially crafted HTTP GET request. Public details from IBM bulletin and CNVD corroborate an information-disclosure flaw in IBM Engineering Test ...