Lucene search: IntlandCodebeamer

8 matches found

CVE
added 2020/03/30 9:26 p.m., 65 views

CVE-2019-19913

Intland codeBeamer ALM 9.5 and earlier is affected by a stored XSS vulnerability in the Trackers Title parameter. The root cause is improper handling/validation of this input, allowing injected scripts to execute in the context of the vulnerable page. Affected software: codeBeamer ALM 9.5 and ear...

CVSS 4.8, AI score 4.8, EPSS 0.00323

CVE
added 2020/03/30 9:28 p.m., 64 views

CVE-2019-19912

Intland codeBeamer ALM

CVSS 4.8, AI score 4.8, EPSS 0.00254

CVE
added 2020/12/07 3:26 p.m., 52 views

CVE-2020-26513

Intland codeBeamer ALM 10.x–10.1.SP4 is affected by an XML External Entity (XXE) vulnerability in the ReqIF XML data import path. The issue arises because ReqIF data is parsed by insecurely configured components, enabling XXE attacks (as described in PT-2020-16433 and corroborated by CVE-2020-265...

CVSS 5.5, AI score 5.5, EPSS 0.00239

CVE
added 2021/06/08 12:42 p.m., 47 views

CVE-2020-26517

CVE-2020-26517 affects Intland codeBeamer ALM, versions 10.x through 10.1.SP4. The issue is a cross-site scripting (XSS) vulnerability that can be exploited via: (1) WebDAV file uploads to a project by authenticated users, (2) the users import functionality by admin users, and (3) modifying the l...

CVSS 4.8, AI score 4.8, EPSS 0.0031

CVE
added 2020/04/02 3:4 p.m., 46 views

CVE-2019-20635

CVE-2019-20635 affects codeBeamer prior to 9.5.0-RC3. The root cause is insufficient restriction of computing fields that can execute custom Java code and access the Java class loader. Impact, as stated, is the possibility to run custom Java code via these fields, with the risk of subsequent acce...

CVSS 6.1, AI score 6.5, EPSS 0.00386

CVE
added 2021/06/08 12:47 p.m., 40 views

CVE-2020-26515

The CVE-2020-26515 entry concerns Intland codeBeamer ALM 10.x–10.1.SP4, where the remember-me cookie CB_LOGIN stores user credentials and is encrypted with a NULL key due to a bug in the application. This creates an insufficient protection of credentials with potential exposure if the cookie is a...

CVSS 7.5, AI score 7.4, EPSS 0.00089

CVE
added 2021/06/08 12:28 p.m., 40 views

CVE-2020-26516

The CVE-2020-26516 issue affects Intland codeBeamer ALM (versions 10.x through 10.1.SP4). The root cause is missing CSRF tokens in requests that trigger server actions, allowing crafted requests to cause a victim’s browser to perform undesired actions within the web application. The NVD entry lis...

CVSS 8.8, AI score 8.6, EPSS 0.00221

CVE
added 2023/08/29 9:42 p.m., 40 views

CVE-2023-4296

PTC Codebeamer CVE-2023-4296 is a cross-site scripting vulnerability (CWE-79) in the Codebeamer ALM platform. An attacker tricks an admin into clicking a malicious link, potentially injecting arbitrary JavaScript into the victim’s browser. Affected versions: Codebeamer <= 22.10-SP7, <= 22.0...

CVSS 8.8, AI score 6.7, EPSS 0.01305