Engineering Workflow Management@7.0.0 Security Vulnerabilities and Issues — Engineering Workflow Management@7.0.0 CVE List

Lucene search

IbmEngineering Workflow Management7.0.0

18 matches found

CVE•added 2021/03/30 5:15 p.m.•55 views

CVE-2021-20447

IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196623.

5.4CVSS5.5AI score0.00158EPSS

CVE•added 2021/03/30 5:15 p.m.•54 views

CVE-2021-20506

5.4CVSS5.5AI score0.00211EPSS

CVE•added 2021/03/30 5:15 p.m.•52 views

CVE-2021-20520

5.4CVSS5.5AI score0.00158EPSS

CVE•added 2021/07/19 4:15 p.m.•51 views

CVE-2021-20507

IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...

5.4CVSS5.3AI score0.00247EPSS

CVE•added 2021/03/30 5:15 p.m.•51 views

CVE-2021-20518

5.4CVSS5.5AI score0.00143EPSS

CVE•added 2020/09/02 7:15 p.m.•48 views

CVE-2020-4522

IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182397.

5.4CVSS5.2AI score0.00236EPSS

CVE•added 2021/03/30 5:15 p.m.•48 views

CVE-2021-20504

5.4CVSS5.5AI score0.00158EPSS

CVE•added 2021/03/30 5:15 p.m.•47 views

CVE-2021-20352

5.4CVSS5.5AI score0.00158EPSS

CVE•added 2020/09/02 7:15 p.m.•44 views

CVE-2020-4445

5.4CVSS5.2AI score0.00236EPSS

CVE•added 2021/07/19 4:15 p.m.•43 views

CVE-2020-5031

5.4CVSS5.2AI score0.00223EPSS

CVE•added 2021/03/30 5:15 p.m.•43 views

CVE-2021-20502

IBM Jazz Foundation Products are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 198059.

7.1CVSS7.2AI score0.00274EPSS

CVE•added 2021/03/30 5:15 p.m.•43 views

CVE-2021-20503

5.4CVSS5.5AI score0.00158EPSS

CVE•added 2021/04/12 6:15 p.m.•41 views

CVE-2021-20519

IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198441.

5.4CVSS5.6AI score0.00157EPSS

CVE•added 2020/08/04 4:15 p.m.•40 views

CVE-2020-4525

5.4CVSS5.6AI score0.00236EPSS

CVE•added 2021/04/12 6:15 p.m.•40 views

CVE-2020-4965

IBM Jazz Team Server products use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192422.

7.5CVSS7.6AI score0.00111EPSS

CVE•added 2021/04/12 6:15 p.m.•38 views

CVE-2020-4920

IBM Jazz Team Server products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191396.

6.4CVSS5.5AI score0.00128EPSS

CVE•added 2021/04/12 6:15 p.m.•37 views

CVE-2020-4964

IBM Jazz Team Server products contain an undisclosed vulnerability that could allow an authenticated user to present a customized message on the application which could be used to phish other users. IBM X-Force ID: 192419.

4.3CVSS5.2AI score0.00153EPSS

CVE•added 2020/09/02 7:15 p.m.•35 views

CVE-2020-4546

5.4CVSS5.2AI score0.00236EPSS