Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Engineering_lifecycle_optimization_\-_engineering_insights
(Ibm)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 18 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-12-25 | CVE-2024-39725 | IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | Engineering_lifecycle_optimization_\-_engineering_insights | 5.3 | ||
| 2024-12-25 | CVE-2024-39727 | IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 uses a web link with untrusted references to an external site. A remote attacker could exploit this vulnerability to expose sensitive information or perform unauthorized actions on the victims’ web browser. | Engineering_lifecycle_optimization_\-_engineering_insights | 9.8 | ||
| 2021-06-02 | CVE-2020-4495 | IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to bypass security restrictions, caused by improper access control. By sending a specially-crafted request to the REST API, an attacker could exploit this vulnerability to bypass access restrictions, and execute arbitrary actions with administrative privileges. IBM X-Force ID: 182114. | Collaborative_lifecycle_management, Engineering_lifecycle_management, Engineering_lifecycle_optimization_\-_engineering_insights, Engineering_lifecycle_optimization_\-_publishing, Engineering_test_management, Rational_doors_next_generation, Rational_engineering_lifecycle_manager, Rational_quality_manager, Removable_media_manager | 8.8 | ||
| 2021-06-02 | CVE-2020-4732 | IBM Jazz Foundation and IBM Engineering products could allow an authenticated user to obtain sensitive information due to lack of security restrictions. IBM X-Force ID: 188126. | Collaborative_lifecycle_management, Engineering_lifecycle_management, Engineering_lifecycle_optimization_\-_engineering_insights, Engineering_lifecycle_optimization_\-_publishing, Engineering_test_management, Rational_doors_next_generation, Rational_engineering_lifecycle_manager, Rational_quality_manager, Removable_media_manager | 6.5 | ||
| 2021-06-02 | CVE-2020-4977 | IBM Engineering Lifecycle Optimization - Publishing is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192470. | Collaborative_lifecycle_management, Engineering_lifecycle_management, Engineering_lifecycle_optimization_\-_engineering_insights, Engineering_lifecycle_optimization_\-_publishing, Engineering_test_management, Rational_doors_next_generation, Rational_engineering_lifecycle_manager, Rational_quality_manager, Removable_media_manager | 5.4 | ||
| 2021-06-02 | CVE-2020-5030 | IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 193737. | Collaborative_lifecycle_management, Engineering_lifecycle_management, Engineering_lifecycle_optimization_\-_engineering_insights, Engineering_lifecycle_optimization_\-_publishing, Engineering_test_management, Rational_doors_next_generation, Rational_engineering_lifecycle_manager, Rational_quality_manager, Removable_media_manager | 5.4 | ||
| 2021-06-02 | CVE-2021-20338 | IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194449. | Collaborative_lifecycle_management, Engineering_lifecycle_management, Engineering_lifecycle_optimization_\-_engineering_insights, Engineering_lifecycle_optimization_\-_publishing, Engineering_test_management, Rational_doors_next_generation, Rational_engineering_lifecycle_manager, Rational_quality_manager, Removable_media_manager | 5.4 | ||
| 2021-06-02 | CVE-2021-20343 | IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194593. | Collaborative_lifecycle_management, Engineering_lifecycle_management, Engineering_lifecycle_optimization_\-_engineering_insights, Engineering_lifecycle_optimization_\-_publishing, Engineering_test_management, Rational_doors_next_generation, Rational_engineering_lifecycle_manager, Rational_quality_manager, Removable_media_manager | 5.4 | ||
| 2021-06-02 | CVE-2021-20345 | IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194594. | Collaborative_lifecycle_management, Engineering_lifecycle_management, Engineering_lifecycle_optimization_\-_engineering_insights, Engineering_lifecycle_optimization_\-_publishing, Engineering_test_management, Rational_doors_next_generation, Rational_engineering_lifecycle_manager, Rational_quality_manager, Removable_media_manager | 5.4 | ||
| 2021-06-02 | CVE-2021-20346 | IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194595. | Collaborative_lifecycle_management, Engineering_lifecycle_management, Engineering_lifecycle_optimization_\-_engineering_insights, Engineering_lifecycle_optimization_\-_publishing, Engineering_test_management, Rational_doors_next_generation, Rational_engineering_lifecycle_manager, Rational_quality_manager, Removable_media_manager | 5.4 |