Skip to main content

Engineering Lifecycle Optimization

7 CVEs product

Monthly

CVE-2024-52890 MEDIUM This Month

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.03 could be susceptible to cross-site scripting due to no validation of URIs. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Engineering Lifecycle Optimization
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2021-29844 HIGH PATCH This Week

IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Engineering Lifecycle Optimization Engineering Requirements Quality Assistant On Premises Engineering Workflow Management +4
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-29786 MEDIUM PATCH This Month

IBM Jazz Team Server products stores user credentials in clear text which can be read by an authenticated user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Engineering Lifecycle Optimization Engineering Workflow Management Rational Collaborative Lifecycle Management +3
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-29774 HIGH PATCH This Week

IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under certain configurations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

IBM Information Disclosure Engineering Lifecycle Optimization Engineering Workflow Management Rational Collaborative Lifecycle Management +3
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-29713 MEDIUM PATCH This Month

IBM Jazz Team Server products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Engineering Lifecycle Optimization Rational Collaborative Lifecycle Management Rational Doors Next Generation +2
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29673 MEDIUM PATCH This Month

IBM Jazz Team Server products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Engineering Lifecycle Optimization Engineering Workflow Management Rational Collaborative Lifecycle Management +3
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20507 MEDIUM This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Engineering Lifecycle Optimization Engineering Requirements Quality Assistant On Premises Engineering Workflow Management +4
NVD
CVSS 3.1
5.4
EPSS
0.5%
EPSS 0% CVSS 6.1
MEDIUM This Month

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.03 could be susceptible to cross-site scripting due to no validation of URIs. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Engineering Lifecycle Optimization
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Engineering Lifecycle Optimization +6
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM Jazz Team Server products stores user credentials in clear text which can be read by an authenticated user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Engineering Lifecycle Optimization +5
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under certain configurations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

IBM Information Disclosure Engineering Lifecycle Optimization +5
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz Team Server products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Engineering Lifecycle Optimization +4
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Jazz Team Server products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Engineering Lifecycle Optimization +5
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Engineering Lifecycle Optimization +6
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy