Engineering_lifecycle_optimization_\-_engineering_insights - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Engineering_lifecycle_optimization_\-_engineering_insights
(Ibm)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	18

Date	Id	Summary	Products	Score	Patch	Annotated
2021-06-02	CVE-2021-20345	IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194594.	Collaborative_lifecycle_management, Engineering_lifecycle_management, Engineering_lifecycle_optimization_\-_engineering_insights, Engineering_lifecycle_optimization_\-_publishing, Engineering_test_management, Rational_doors_next_generation, Rational_engineering_lifecycle_manager, Rational_quality_manager, Removable_media_manager	5.4
2021-06-02	CVE-2021-20346	IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194595.	Collaborative_lifecycle_management, Engineering_lifecycle_management, Engineering_lifecycle_optimization_\-_engineering_insights, Engineering_lifecycle_optimization_\-_publishing, Engineering_test_management, Rational_doors_next_generation, Rational_engineering_lifecycle_manager, Rational_quality_manager, Removable_media_manager	5.4
2021-06-02	CVE-2021-20347	IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194596.	Collaborative_lifecycle_management, Engineering_lifecycle_management, Engineering_lifecycle_optimization_\-_engineering_insights, Engineering_lifecycle_optimization_\-_publishing, Engineering_test_management, Rational_doors_next_generation, Rational_engineering_lifecycle_manager, Rational_quality_manager, Removable_media_manager	5.4
2021-06-02	CVE-2021-20348	IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-ForceID: 194597.	Collaborative_lifecycle_management, Engineering_lifecycle_management, Engineering_lifecycle_optimization_\-_engineering_insights, Engineering_lifecycle_optimization_\-_publishing, Engineering_test_management, Rational_doors_next_generation, Rational_engineering_lifecycle_manager, Rational_quality_manager, Removable_media_manager	5.4
2021-06-02	CVE-2021-20371	IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to obtain sensitive information when an error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 195516.	Collaborative_lifecycle_management, Engineering_lifecycle_management, Engineering_lifecycle_optimization_\-_engineering_insights, Engineering_lifecycle_optimization_\-_publishing, Engineering_test_management, Rational_doors_next_generation, Rational_engineering_lifecycle_manager, Rational_quality_manager, Removable_media_manager	6.5
2021-06-02	CVE-2021-29668	IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199406.	Collaborative_lifecycle_management, Engineering_lifecycle_management, Engineering_lifecycle_optimization_\-_engineering_insights, Engineering_lifecycle_optimization_\-_publishing, Engineering_test_management, Rational_doors_next_generation, Rational_engineering_lifecycle_manager, Rational_quality_manager, Removable_media_manager	5.4
2021-06-02	CVE-2021-29670	IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199408.	Collaborative_lifecycle_management, Engineering_lifecycle_management, Engineering_lifecycle_optimization_\-_engineering_insights, Engineering_lifecycle_optimization_\-_publishing, Engineering_test_management, Rational_doors_next_generation, Rational_engineering_lifecycle_manager, Rational_quality_manager, Removable_media_manager	5.4
2021-07-28	CVE-2020-4974	IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 192434.	Engineering_lifecycle_optimization_\-_engineering_insights, Engineering_requirements_quality_assistant_on\-Premises, Engineering_test_management, Engineering_workflow_management, Rational_collaborative_lifecycle_management, Rational_doors_next_generation, Rational_engineering_lifecycle_manager, Rational_quality_manager, Rational_team_concert	6.3
2021-07-28	CVE-2020-5004	IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192957.	Engineering_lifecycle_optimization_\-_engineering_insights, Engineering_requirements_quality_assistant_on\-Premises, Engineering_test_management, Engineering_workflow_management, Rational_collaborative_lifecycle_management, Rational_doors_next_generation, Rational_engineering_lifecycle_manager, Rational_quality_manager, Rational_team_concert	5.4
2024-11-15	CVE-2024-39726	IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.	Engineering_lifecycle_optimization_\-_engineering_insights	8.2