IBM Engineering Workflow Management

48 matches found

CVE
added 2021/01/08 8:40 p.m. | 86 views

CVE-2020-4697

CVE-2020-4697 is a cross-site scripting vulnerability in IBM Jazz Foundation and related IBM Engineering products (notably IBM Engineering Workflow Management). The Web UI can be affected by an attacker embedding arbitrary JavaScript, potentially leading to credentials disclosure within a trusted...

CVSS 5.4 | AI score 5.1 | EPSS 0.00554

CVE
added 2021/01/08 8:40 p.m. | 82 views

CVE-2020-4544

CVE-2020-4544 describes an information-disclosure vulnerability in IBM Jazz Foundation where a remote attacker could obtain sensitive data from detailed technical error messages returned by the browser. The issue affects IBM Jazz Foundation products within the IBM Engineering Lifecycle Manage...

CVSS 4.3 | AI score 4.4 | EPSS 0.00982

CVE
added 2021/01/08 8:40 p.m. | 82 views

CVE-2020-4733

The CVE-2020-4733 entry corresponds to a cross-site scripting vulnerability in IBM Jazz Foundation/Engineering products (IBM Engineering Test Management and related Web UI components). The IBM Security Bulletin lists affected products and versions, noting that an attacker could embed arbitrary Ja...

CVSS 5.4 | AI score 5.1 | EPSS 0.00554

CVE
added 2021/01/08 8:40 p.m. | 81 views

CVE-2020-4487

Summary: The CVE-2020-4487 issue affects IBM Jazz Foundation and related IBM Engineering Lifecycle Management products (e.g., ELM, DOORS Next, ENI, EWM, RTC, RMM, RDM, RQM, ELN) where a remote attacker could obtain sensitive information from a detailed technical error message returned by a browse...

CVSS 4.3 | AI score 4.4 | EPSS 0.00982

CVE
added 2021/01/08 8:40 p.m. | 74 views

CVE-2020-4691

CVE-2020-4691 is an XSS vulnerability in IBM Jazz Foundation products (and related IBM Engineering Workflow Management components) where an attacker could embed arbitrary JavaScript in the Web UI, potentially exposing credentials in a trusted session. The connected IBM security bulletin lists aff...

CVSS 5.4 | AI score 5.1 | EPSS 0.00554

CVE
added 2024/05/28 12:0 p.m. | 71 views

CVE-2024-28793

IBM Engineering Workflow Management (EWM) versions 7.0.2 and 7.0.3 are vulnerable to a stored cross-site scripting flaw in the Team Concert Git Jenkins plugin, caused by insufficient input cleanup and output escaping in the Web UI. This could allow injection of arbitrary JavaScript that may lead ...

CVSS 5.4 | AI score 5 | EPSS 0.00327

CVE
added 2021/03/30 4:45 p.m. | 68 views

CVE-2021-20447

CVE-2021-20447 affects IBM Jazz Foundation products with a cross-site scripting (XSS) vulnerability in the Web UI that can allow embedding arbitrary JavaScript and potentially lead to credentials disclosure within a trusted session. Connected sources confirm affected components such as IBM Engine...

CVSS 5.4 | AI score 5.5 | EPSS 0.00502

CVE
added 2021/03/30 4:45 p.m. | 68 views

CVE-2021-20506

CVE-2021-20506 concerns IBM Jazz Foundation products (notably IBM Engineering Workflow Management, IBM Engineering Lifecycle Optimization – Engineering Insights, IBM Engineering Requirements Quality Assistant On-Premises, among others) suffering from cross-site scripting in the Web UI that could ...

CVSS 5.4 | AI score 5.5 | EPSS 0.00502

CVE
added 2021/07/19 4:0 p.m. | 64 views

CVE-2021-20507

The CVE-2021-20507 entry affects IBM Jazz Foundation and IBM Engineering products, where a cross-site scripting flaw allows embedding arbitrary JavaScript in the Web UI, potentially exposing credentials within a trusted session. The vulnerability centers on Web UI script execution enabled by the ...

CVSS 5.4 | AI score 5.3 | EPSS 0.00495

CVE
added 2020/09/02 6:25 p.m. | 63 views

CVE-2020-4445

CVE-2020-4445 affects IBM Jazz Team Server based applications with a cross-site scripting vulnerability in the Web UI. The issue enables embedding arbitrary JavaScript in the Web UI, potentially leading to credential disclosure within a trusted session. The vulnerability is identified across mult...

CVSS 5.4 | AI score 5.2 | EPSS 0.00561

CVE
added 2021/03/30 4:45 p.m. | 62 views

CVE-2021-20518

The CVE-2021-20518 issue affects IBM Jazz Foundation products (EWM, RTC, RELM, ENI, and IBM Engineering Requirements Quality Assistant On-Premises). It is described as a cross-site scripting vulnerability allowing an attacker to embed arbitrary JavaScript in the Web UI, with potential credential ...

CVSS 5.4 | AI score 5.5 | EPSS 0.00502

CVE
added 2021/03/30 4:45 p.m. | 62 views

CVE-2021-20520

CVE-2021-20520 is an IBM Jazz Foundation cross-site scripting (XSS) vulnerability affecting IBM Jazz Team Server based applications. The issue allows an attacker to inject arbitrary JavaScript into the Web UI, potentially exposing credentials within a trusted session. Affected products/versions i...

CVSS 5.4 | AI score 5.5 | EPSS 0.00502

CVE
added 2022/01/11 4:25 p.m. | 61 views

CVE-2021-29701

CVE-2021-29701 affects IBM Engineering Workflow Management (EWM) versions 7.0, 7.0.1, 7.0.2 and IBM Rational Team Concert (RTC) 6.0.6 and 6.0.6.1. The vulnerability allows an authenticated attacker to obtain sensitive information from build definitions, enabling potential follow-on attacks. Root ...

CVSS 4.3 | AI score 4.1 | EPSS 0.00704

CVE
added 2021/10/27 4:0 p.m. | 61 views

CVE-2021-29774

Summary: CVE-2021-29774 affects IBM Jazz Team Server family (including CLM, ELM, DOORS Next, RTC, EWM, Rhapsody) where an authenticated user could obtain elevated privileges under certain configurations. The root cause is insufficient validation of user privileges, enabling privilege escalation w...

CVSS 7.5 | AI score 7.5 | EPSS 0.0095

CVE
added 2021/03/04 7:5 p.m. | 60 views

CVE-2020-4856

CVE-2020-4856 is a stored cross-site scripting vulnerability in IBM Engineering products, notably IBM Engineering DOORS Next (and related ELN/LRM/RQM/EWM/RTC families). The Web UI can embed arbitrary JavaScript, potentially altering functionality and leading to credentials disclosure within a tru...

CVSS 6.4 | AI score 5.4 | EPSS 0.00539

CVE
added 2021/03/30 4:45 p.m. | 60 views

CVE-2021-20352

Summary (CVE-2021-20352): IBM Jazz Foundation products are vulnerable to cross-site scripting that can let an attacker embed arbitrary JavaScript in the Web UI, potentially disclosing credentials within a trusted session. The vulnerability affects multiple IBM Jazz-related products/versions, inc...

CVSS 5.4 | AI score 5.5 | EPSS 0.00502

CVE
added 2021/01/27 4:15 p.m. | 60 views

CVE-2021-20357

CVE-2021-20357 affects IBM Jazz Foundation products with a cross-site scripting vulnerability in the Web UI that could allow an attacker to embed arbitrary JavaScript and, in a trusted session, potentially disclose credentials. Connected sources corroborate a Web UI XSS across multiple IBM Jazz/F...

CVSS 5.4 | AI score 5.2 | EPSS 0.00665

CVE
added 2021/03/30 4:45 p.m. | 60 views

CVE-2021-20504

CVE-2021-20504 affects IBM Jazz Foundation products with a cross-site scripting vulnerability in the Web UI that could lead to credentials disclosure in a trusted session. Affected products/versions include IBM Engineering Workflow Management (EWM) 7.0, 7.0.1, 7.0.2; IBM Engineering Lifecycle Opt...

CVSS 5.4 | AI score 5.5 | EPSS 0.00502

CVE
added 2020/09/02 6:25 p.m. | 58 views

CVE-2020-4522

IBM Jazz Team Server based Applications are affected by a cross-site scripting vulnerability (CVE-2020-4522) in the Web UI, potentially enabling an attacker to inject arbitrary JavaScript and cause credentials disclosure within a trusted session. Affected products include IBM Engineering DOORS Ne...

CVSS 5.4 | AI score 5.2 | EPSS 0.00561

CVE
added 2021/03/04 7:5 p.m. | 58 views

CVE-2021-20351

CVE-2021-20351 describes a cross-site scripting vulnerability in IBM Engineering products, allowing attackers to inject arbitrary JavaScript via the Web UI and potentially disclose credentials within a trusted session. The issue affects multiple IBM Engineering products in the Engineering Lifecyc...

CVSS 5.4 | AI score 5.3 | EPSS 0.00541

CVE
added 2021/03/04 7:5 p.m. | 57 views

CVE-2020-4857

CVE-2020-4857 is a stored cross-site scripting vulnerability affecting IBM Engineering products (DOORS Next, RDNG, EWM, RTC, ETM, RQM, RQA On-Prem, and related components). The root cause is improper sanitization in the Web UI that allows an attacker to embed arbitrary JavaScript in the browser, ...

CVSS 6.4 | AI score 5.4 | EPSS 0.0068

CVE
added 2021/03/04 7:5 p.m. | 57 views

CVE-2021-20350

CVE-2021-20350 affects IBM Engineering products, notably the IBM Engineering Requirements Quality Assistant (and related EL/DOORS/RQM/EWM components). The vulnerability is a cross-site scripting flaw in the Web UI that could allow an attacker to inject arbitrary JavaScript, potentially leading to...

CVSS 5.4 | AI score 5.5 | EPSS 0.00541

CVE
added 2021/03/30 4:45 p.m. | 56 views

CVE-2021-20502

IBM Jazz Foundation Products are affected by an XML External Entity (XXE) vulnerability in XML processing (CVE-2021-20502). Impact could include exposure of sensitive data or memory/resource exhaustion. Affected offerings include EWM, RTC, RELM, ENI, and IBM Engineering Requirements Quality Assis...

CVSS 7.1 | AI score 7.2 | EPSS 0.01398

CVE
added 2021/03/04 7:5 p.m. | 55 views

CVE-2020-4866

CVE-2020-4866 is an IBM Engineering-related cross-site scripting vulnerability affecting multiple IBM Jazz Team Server family products (e.g., EWM, DOORS Next, RDNG, RTC, RQM, GCM, ETM). The issue targets the Web UI, enabling an attacker to embed arbitrary JavaScript and potentiall...

CVSS 5.4 | AI score 5.5 | EPSS 0.00539

CVE
added 2021/07/19 4:0 p.m. | 55 views

CVE-2020-5031

CVE-2020-5031 concerns cross-site scripting in IBM Jazz Foundation and IBM Engineering products. Multiple connected sources describe that an attacker could embed arbitrary JavaScript in the Web UI, potentially altering functionality and leading to credentials disclosure within a trusted session. ...

CVSS 5.4 | AI score 5.2 | EPSS 0.00495

CVE
added 2021/03/04 7:5 p.m. | 55 views

CVE-2021-20340

CVE-2021-20340 affects IBM Engineering products including Engineering Test Management (ETM), DOORS Next, RDNG, EWM, RTC, and related IBM Jazz-based tooling. The vulnerability is a cross-site scripting flaw in the Web UI that could allow an attacker to embed arbitrary JavaScript, potentially leadi...

CVSS 5.4 | AI score 5.5 | EPSS 0.00539

CVE
added 2021/10/27 4:0 p.m. | 55 views

CVE-2021-29673

The CVE-2021-29673 entry describes a cross-site scripting (XSS) vulnerability in IBM Jazz Team Server products, allowing an attacker to inject arbitrary JavaScript into the Web UI and potentially disclose credentials within a trusted session. Affected IBM Jazz components include CLM, DOORS Next, ...

CVSS 5.4 | AI score 5.6 | EPSS 0.0048

CVE
added 2021/04/12 6:0 p.m. | 54 views

CVE-2021-20519

CVE-2021-20519 affects IBM Jazz Team Server products with a cross-site scripting flaw in the Web UI that can allow attackers to embed arbitrary JavaScript and potentially disclose credentials in a trusted session. Public details consistently describe the impact as UI manipulation and credential e...

CVSS 5.4 | AI score 5.6 | EPSS 0.0062

CVE
added 2021/03/30 4:45 p.m. | 53 views

CVE-2021-20503

CVE-2021-20503 concerns IBM Jazz Foundation products and is described as a cross-site scripting vulnerability that could allow an attacker to embed arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. The initial and linked records indicate a...

CVSS 5.4 | AI score 5.5 | EPSS 0.00502

CVE
added 2021/10/27 4:0 p.m. | 53 views

CVE-2021-29844

CVE-2021-29844 affects IBM Jazz Team Server family (including CLM, DOORS Next, ELM, EWM, RTC, and related IBM Engineering products). The vulnerability is a server-side request forgery (SSRF) due to insufficient validation of user input, enabling an authenticated attacker to cause the server to se...

CVSS 8.8 | AI score 8.7 | EPSS 0.00573

CVE
added 2020/08/04 4:0 p.m. | 52 views

CVE-2020-4525

CVE-2020-4525 is a cross-site scripting vulnerability in IBM Jazz Foundation and IBM Engineering products, allowing an attacker to embed arbitrary JavaScript in the Web UI and potentially disclose credentials within a trusted session. The vulnerability is described in the NVD entry for CVE-2020-4...

CVSS 5.4 | AI score 5.6 | EPSS 0.00561

CVE
added 2021/01/27 4:15 p.m. | 52 views

CVE-2020-4865

CVE-2020-4865 is a cross-site scripting vulnerability in IBM Jazz Foundation products (notably IBM Engineering Workflow Management and related IBM Jazz Team Server components) where attackers could inject arbitrary JavaScript into the Web UI, potentially leaking credentials within a trusted sessi...

CVSS 5.4 | AI score 5.2 | EPSS 0.00665

CVE
added 2020/07/16 3:5 p.m. | 51 views

CVE-2019-4747

The CVE-2019-4747 entry concerns IBM Team Concert (RTC). The vulnerability is a cross-site scripting flaw in the Web UI that could allow an attacker to embed arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. Key details from the connected IBM bulletin a...

CVSS 5.4 | AI score 5.3 | EPSS 0.00561

CVE
added 2020/07/16 3:5 p.m. | 51 views

CVE-2019-4748

CVE-2019-4748 affects IBM Jazz Team Server based Applications. The vulnerability is a cross-site scripting issue in the Web UI that could allow an attacker to inject arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. The IBM Security Bulletin lists multi...

CVSS 5.4 | AI score 5.2 | EPSS 0.00561

CVE
added 2021/03/04 7:5 p.m. | 51 views

CVE-2020-4863

CVE-2020-4863 affects IBM Engineering products (e.g., RDNG, DOORS Next, EWM, ETM, RQM, RTC and related IBM Jazz-based apps). The issue is a stored cross-site scripting in the Web UI that could lead to credentials disclosure in a trusted session. Affected versions span multiple 6.0.x–7.0.x release...

CVSS 6.4 | AI score 5.4 | EPSS 0.00539

CVE
added 2021/04/12 6:0 p.m. | 51 views

CVE-2020-4920

CVE-2020-4920 affects IBM Jazz Team Server. Public details in connected CNVD/NVD entries describe a stored cross-site scripting vulnerability in the Jazz Team Server Web UI that can lead to credential disclosure within a trusted session. Remediation in the IBM bulletin section recommends upgradin...

CVSS 6.4 | AI score 5.5 | EPSS 0.0062

CVE
added 2021/04/12 6:0 p.m. | 51 views

CVE-2020-4965

CVE-2020-4965 affects IBM Jazz Team Server / Jazz Foundation (IBM Engineering Lifecycle Management). The vulnerability stems from weaker-than-expected cryptographic algorithms that could allow decrypting highly sensitive information. Public scoring varies: CVSSv3.1 base 7.5 (Network, High impact ...

CVSS 7.5 | AI score 7.6 | EPSS 0.00719

CVE
added 2021/03/04 7:5 p.m. | 51 views

CVE-2020-4975

CVE-2020-4975 is an XSS vulnerability in IBM Engineering products (ELM family) where unauthenticated web UI inputs can inject arbitrary JavaScript, potentially exposing credentials within a trusted session. Affected products/versions include RDNG (6.0.2, 6.0.6.1/6.0.6/6.0.2), DOORS Next (7.0, 7.0...

CVSS 5.4 | AI score 5.5 | EPSS 0.00539

CVE
added 2021/10/27 4:0 p.m. | 51 views

CVE-2021-29786

CVE-2021-29786 describes an information-disclosure flaw in IBM Jazz Team Server products where user credentials are stored in plaintext and readable by an authenticated user. The vulnerability affects IBM Jazz Team Server family components (including CLM, ELM, DOORS Next, RTC, EWM, DOORS Next Gen...

CVSS 6.5 | AI score 6.6 | EPSS 0.00544

CVE
added 2021/01/27 4:15 p.m. | 50 views

CVE-2020-4855

The CVE-2020-4855 issue affects IBM Jazz Foundation products and is a cross-site scripting vulnerability in the Web UI that could enable an attacker to inject arbitrary JavaScript and potentially disclose credentials in a trusted session. Affected components include IBM Jazz Team Server family (E...

CVSS 5.4 | AI score 5.2 | EPSS 0.00665

CVE
added 2021/04/12 6:0 p.m. | 49 views

CVE-2020-4964

CVE-2020-4964 affects IBM Jazz Team Server and related IBM Engineering Lifecycle Management components. The vulnerability is described as an undisclosed issue allowing an authenticated user to display a customized message within the application to phish other users. Public details from IBM’s bull...

CVSS 4.3 | AI score 5.2 | EPSS 0.00638

CVE
added 2021/07/28 12:25 p.m. | 49 views

CVE-2020-4974

CVE-2020-4974 affects IBM Jazz Foundation and multiple IBM Engineering products (EWM, DOORS Next, RTC, RDNG, RQM, ELN/ENI/RELM/ELM, etc.). The vulnerability is Server-Side Request Forgery (SSRF) that an authenticated attacker could exploit to cause the system to send unauthorized requests, enabli...

CVSS 6.5 | AI score 6.3 | EPSS 0.00598

CVE
added 2021/07/28 12:25 p.m. | 49 views

CVE-2020-5004

CVE-2020-5004 is a cross-site scripting vulnerability in IBM Jazz Foundation Web UI that could allow an attacker to embed arbitrary JavaScript and potentially disclose credentials in a trusted session. The issue affects IBM Jazz Foundation–based products (as listed in IBM advisories) and is refle...

CVSS 5.4 | AI score 5.3 | EPSS 0.00495

CVE
added 2021/01/27 4:15 p.m. | 48 views

CVE-2020-4524

CVE-2020-4524 concerns an IBM Jazz Foundation cross-site scripting vulnerability in the Web UI that can allow embedding arbitrary JavaScript and potentially disclose credentials within a trusted session. The issue affects IBM Jazz Foundation family products (and related IBM ELM/RTC/RM components)...

CVSS 5.4 | AI score 5.2 | EPSS 0.00665

CVE
added 2021/01/27 4:15 p.m. | 48 views

CVE-2020-4547

IBM Jazz Foundation products are affected by CVE-2020-4547, a remote click-hijacking vulnerability where users are tricked into visiting a malicious site, enabling an attacker to hijack the victim’s clicking actions and potentially launch further attacks. Affected stack spans IBM Jazz Team Serv...

CVSS 5.4 | AI score 5.3 | EPSS 0.00821

CVE
added 2020/09/02 6:25 p.m. | 47 views

CVE-2020-4546

CVE-2020-4546 is an XSS vulnerability in IBM Jazz Team Server Web UI affecting multiple Jazz-based applications (ELM, DOORS Next, ENI, EWM, RQM, CLM, etc.). The root cause is arbitrary JavaScript/HTML injection in the Web UI, enabling credential exposure within a trusted session. The IBM security...

CVSS 5.4 | AI score 5.2 | EPSS 0.00561

CVE
added 2026/06/22 1:20 p.m. | 21 views

CVE-2025-33128

CVE-2025-33128 affects IBM Engineering Workflow Management (part of IBM Engineering Lifecycle Management). Affected versions are 7.0.3 through 7.0.3 Interim Fix 020, and 7.1 through 7.1 Interim Fix 007. The issue is a cross-site scripting (XSS) vulnerability in the Web UI that lets an authent...

CVSS 5.4 | AI score 5.5 | EPSS 0.00139

CVE
added 2026/06/22 2:33 p.m. | 11 views

CVE-2024-51454

Affected product: IBM Engineering Workflow Management (part of IBM Engineering Lifecycle Management). The vulnerability is a free-form HTTP header injection in HOST header parsing due to input validation weaknesses. Affected versions are 7.0.2 (with Interim Fix 035), 7.0.3 (IFix 017), and 7.1 (IF...

CVSS 6.5 | AI score 5.8 | EPSS 0.00181