Skip to main content

Engineering Lifecycle Management

29 CVEs product

Monthly

CVE-2026-3660 CRITICAL PATCH Act Now

Authorization bypass in IBM Engineering Lifecycle Management (ELM) 7.0.3, 7.1.0, and 7.2.0 allows unauthenticated remote attackers to modify server property files and gain unauthorized access to the application. The flaw carries a critical CVSS 9.8 score with full confidentiality, integrity, and availability impact, and IBM has released Interim Fixes addressing it. No public exploit identified at time of analysis, and EPSS exploitation probability is very low (0.03%, 10th percentile).

Authentication Bypass IBM Engineering Lifecycle Management
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-3603 HIGH PATCH This Week

XML External Entity (XXE) injection in IBM Engineering Lifecycle Management (ELM) 7.0.3, 7.1.0, and 7.2.0 allows authenticated attackers to disclose sensitive information or exhaust memory resources by submitting crafted XML data to the application. The flaw carries a CVSS 7.1 (High) rating with low attack complexity over the network, but EPSS is only 0.02% (5th percentile) and there is no public exploit identified at time of analysis. SSVC classifies exploitation as 'none' with partial technical impact, indicating low immediate urgency despite the vendor-released patch.

XXE IBM Engineering Lifecycle Management
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-4051 HIGH PATCH This Week

Remote code execution in IBM Engineering Lifecycle Management (ELM) versions 7.0.3 through Interim Fix 021, 7.1.0 through Interim Fix 009, and 7.2.0 through Interim Fix 001 allows an attacker with administrative privileges to execute arbitrary code via an exposed method that is not properly restricted (CWE-749). At time of analysis there is no public exploit identified and EPSS is very low (0.01%), but the SSVC technical impact is rated total, making this a high-impact post-authentication issue against ELM administrators. IBM has published a patch advisory and CVSS is 7.2 (AV:N/AC:L/PR:H/UI:N/C:H/I:H/A:H).

Information Disclosure IBM Engineering Lifecycle Management
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2025-36033 MEDIUM This Month

Engineering Lifecycle Management versions up to 7.0.3 is affected by cross-site scripting (xss) (CVSS 5.4).

IBM XSS Engineering Lifecycle Management
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2023-40958 HIGH POC This Week

A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE SQLi Engineering Lifecycle Management
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-40957 HIGH POC This Week

A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE SQLi Engineering Lifecycle Management
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-40955 HIGH POC This Week

A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE SQLi Engineering Lifecycle Management
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-29670 MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Collaborative Lifecycle Management Engineering Lifecycle Management Engineering Lifecycle Optimization Engineering Insights +6
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29668 MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Collaborative Lifecycle Management Engineering Lifecycle Management Engineering Lifecycle Optimization Engineering Insights +6
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20371 MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to obtain sensitive information when an error message is returned in the browser. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Collaborative Lifecycle Management Engineering Lifecycle Management Engineering Lifecycle Optimization Engineering Insights +6
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-20348 MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Collaborative Lifecycle Management Engineering Lifecycle Management Engineering Lifecycle Optimization Engineering Insights +6
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20347 MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Collaborative Lifecycle Management Engineering Lifecycle Management Engineering Lifecycle Optimization Engineering Insights +6
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20346 MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Collaborative Lifecycle Management Engineering Lifecycle Management Engineering Lifecycle Optimization Engineering Insights +6
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20345 MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Collaborative Lifecycle Management Engineering Lifecycle Management Engineering Lifecycle Optimization Engineering Insights +6
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20343 MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Collaborative Lifecycle Management Engineering Lifecycle Management Engineering Lifecycle Optimization Engineering Insights +6
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20338 MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Collaborative Lifecycle Management Engineering Lifecycle Management Engineering Lifecycle Optimization Engineering Insights +6
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20519 MEDIUM PATCH This Month

IBM Jazz Team Server products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Collaborative Lifecycle Management Doors Next Engineering Insights +9
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-20520 MEDIUM PATCH This Month

IBM Jazz Foundation Products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Engineering Insights Engineering Lifecycle Management Engineering Requirements Quality Assistant On Premises +3
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20518 MEDIUM PATCH This Month

IBM Jazz Foundation Products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Engineering Insights Engineering Lifecycle Management Engineering Requirements Quality Assistant On Premises +3
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20506 MEDIUM PATCH This Month

IBM Jazz Foundation Products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Engineering Insights Engineering Lifecycle Management Engineering Requirements Quality Assistant On Premises +3
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20504 MEDIUM PATCH This Month

IBM Jazz Foundation Products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Engineering Insights Engineering Lifecycle Management Engineering Requirements Quality Assistant On Premises +3
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20503 MEDIUM PATCH This Month

IBM Jazz Foundation Products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Engineering Insights Engineering Lifecycle Management Engineering Requirements Quality Assistant On Premises +3
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20502 HIGH PATCH This Week

IBM Jazz Foundation Products are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

IBM XXE Engineering Insights Engineering Lifecycle Management Engineering Requirements Quality Assistant On Premises +3
NVD
CVSS 3.1
7.1
EPSS
1.4%
CVE-2021-20447 MEDIUM PATCH This Month

IBM Jazz Foundation Products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Engineering Insights Engineering Lifecycle Management Engineering Requirements Quality Assistant On Premises +3
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20352 MEDIUM PATCH This Month

IBM Jazz Foundation Products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Engineering Insights Engineering Lifecycle Management Engineering Requirements Quality Assistant On Premises +3
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20351 MEDIUM PATCH This Month

IBM Engineering products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Doors Next Engineering Lifecycle Management Engineering Requirements Quality Assistant On Premises +6
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20350 MEDIUM PATCH This Month

IBM Engineering products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Doors Next Engineering Lifecycle Management Engineering Requirements Quality Assistant On Premises +6
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20340 MEDIUM PATCH This Month

IBM Engineering products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Doors Next Engineering Lifecycle Management Engineering Requirements Quality Assistant On Premises +6
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20357 MEDIUM PATCH This Month

IBM Jazz Foundation products is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Collaborative Lifecycle Management Engineering Insights Engineering Lifecycle Management +8
NVD
CVSS 3.1
5.4
EPSS
0.7%
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Authorization bypass in IBM Engineering Lifecycle Management (ELM) 7.0.3, 7.1.0, and 7.2.0 allows unauthenticated remote attackers to modify server property files and gain unauthorized access to the application. The flaw carries a critical CVSS 9.8 score with full confidentiality, integrity, and availability impact, and IBM has released Interim Fixes addressing it. No public exploit identified at time of analysis, and EPSS exploitation probability is very low (0.03%, 10th percentile).

Authentication Bypass IBM Engineering Lifecycle Management
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

XML External Entity (XXE) injection in IBM Engineering Lifecycle Management (ELM) 7.0.3, 7.1.0, and 7.2.0 allows authenticated attackers to disclose sensitive information or exhaust memory resources by submitting crafted XML data to the application. The flaw carries a CVSS 7.1 (High) rating with low attack complexity over the network, but EPSS is only 0.02% (5th percentile) and there is no public exploit identified at time of analysis. SSVC classifies exploitation as 'none' with partial technical impact, indicating low immediate urgency despite the vendor-released patch.

XXE IBM Engineering Lifecycle Management
NVD VulDB
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Remote code execution in IBM Engineering Lifecycle Management (ELM) versions 7.0.3 through Interim Fix 021, 7.1.0 through Interim Fix 009, and 7.2.0 through Interim Fix 001 allows an attacker with administrative privileges to execute arbitrary code via an exposed method that is not properly restricted (CWE-749). At time of analysis there is no public exploit identified and EPSS is very low (0.01%), but the SSVC technical impact is rated total, making this a high-impact post-authentication issue against ELM administrators. IBM has published a patch advisory and CVSS is 7.2 (AV:N/AC:L/PR:H/UI:N/C:H/I:H/A:H).

Information Disclosure IBM Engineering Lifecycle Management
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Engineering Lifecycle Management versions up to 7.0.3 is affected by cross-site scripting (xss) (CVSS 5.4).

IBM XSS Engineering Lifecycle Management
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE SQLi Engineering Lifecycle Management
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE SQLi Engineering Lifecycle Management
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE SQLi Engineering Lifecycle Management
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Collaborative Lifecycle Management +8
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Collaborative Lifecycle Management +8
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to obtain sensitive information when an error message is returned in the browser. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Collaborative Lifecycle Management +8
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Collaborative Lifecycle Management +8
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Collaborative Lifecycle Management +8
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Collaborative Lifecycle Management +8
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Collaborative Lifecycle Management +8
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Collaborative Lifecycle Management +8
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Collaborative Lifecycle Management +8
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz Team Server products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Collaborative Lifecycle Management +11
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz Foundation Products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Engineering Insights +5
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz Foundation Products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Engineering Insights +5
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz Foundation Products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Engineering Insights +5
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz Foundation Products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Engineering Insights +5
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz Foundation Products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Engineering Insights +5
NVD
EPSS 1% CVSS 7.1
HIGH PATCH This Week

IBM Jazz Foundation Products are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

IBM XXE Engineering Insights +5
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz Foundation Products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Engineering Insights +5
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz Foundation Products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Engineering Insights +5
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Engineering products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Doors Next +8
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Engineering products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Doors Next +8
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Engineering products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Doors Next +8
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz Foundation products is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Collaborative Lifecycle Management +10
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy