Codebeamer Security Vulnerabilities and Issues — Codebeamer CVE List

Lucene search

IntlandCodebeamer

3 matches found

CVE•added 2021/06/08 1:15 p.m.•32 views

CVE-2020-26517

A cross-site scripting (XSS) issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. It is possible to perform XSS attacks through using the WebDAV functionality to upload files to a project (Authn users), using the users import functionality (Admin only), and changing the login text ...

4.8CVSS4.8AI score0.0031EPSS

CVE•added 2021/06/08 1:15 p.m.•28 views

CVE-2020-26515

An insufficiently protected credentials issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. The remember-me cookie (CB_LOGIN) issued by the application contains the encrypted user's credentials. However, due to a bug in the application code, those credentials are encrypted using a...

7.5CVSS7.4AI score0.00072EPSS

CVE•added 2021/06/08 1:15 p.m.•25 views

CVE-2020-26516

A CSRF issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. Requests sent to the server that trigger actions do not contain a CSRF token and can therefore be entirely predicted allowing attackers to cause the victim's browser to execute undesired actions in the web application thro...

8.8CVSS8.6AI score0.0022EPSS