cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-41763,https://securityvulnerability.io/vulnerability/CVE-2024-41763,Weak Cryptographic Algorithms in IBM Engineering Lifecycle Optimization - Publishing Affecting Security,"The vulnerability associated with IBM Engineering Lifecycle Optimization - Publishing pertains to the use of cryptographic algorithms that do not meet current security standards. As a result, an attacker could potentially decrypt highly sensitive information, leading to unauthorized access and data breaches. This weakness emphasizes the critical need for updating and strengthening cryptographic practices in software development to safeguard user data and maintain security integrity.",IBM,Engineering Lifecycle Optimization Publishing,5.9,MEDIUM,0.0008699999889358878,false,false,false,false,false,false,false,2025-01-04T14:38:06.836Z,0
CVE-2024-41766,https://securityvulnerability.io/vulnerability/CVE-2024-41766,Denial of Service Vulnerability in IBM Engineering Lifecycle Optimization Products,"The vulnerability in IBM Engineering Lifecycle Optimization - Publishing versions 7.0.2 and 7.0.3 involves the use of complex regular expressions that can be manipulated by remote attackers. Successfully exploiting this flaw could lead to a denial of service, negatively impacting the availability of the affected products and disrupting business continuity. Organizations utilizing these versions should take immediate steps to address this issue and enhance their security posture.",IBM,Engineering Lifecycle Optimization Publishing,7.5,HIGH,0.0004600000102072954,false,false,false,false,false,false,false,2025-01-04T14:37:08.203Z,0
CVE-2024-41765,https://securityvulnerability.io/vulnerability/CVE-2024-41765,Directory Traversal Vulnerability in IBM Engineering Lifecycle Optimization,"A directory traversal vulnerability exists in IBM Engineering Lifecycle Optimization - Publishing versions 7.0.2 and 7.0.3. This issue enables remote attackers to exploit specially crafted URL requests containing 'dot dot' sequences (/../). By doing so, attackers gain unauthorized access to arbitrary files within the system, potentially exposing sensitive information. It highlights the need for stringent input validation and proper access controls to mitigate such threats and safeguard sensitive data.",IBM,Engineering Lifecycle Optimization Publishing,6.5,MEDIUM,0.0005000000237487257,false,false,false,false,false,false,false,2025-01-04T14:36:13.416Z,0
CVE-2024-41767,https://securityvulnerability.io/vulnerability/CVE-2024-41767,SQL Injection Vulnerability in IBM Engineering Lifecycle Optimization - Publishing,"The SQL injection vulnerability in IBM Engineering Lifecycle Optimization - Publishing affects versions 7.0.2 and 7.0.3. This security issue arises when a remote attacker exploits weaknesses in the application by sending specially crafted SQL statements. By doing so, the attacker may gain unauthorized access to the back-end database, potentially allowing them to view, add, modify, or delete critical information. Organizations using these versions are advised to apply the latest security patches and adopt best practices to mitigate the risks associated with SQL injection attacks.",IBM,Engineering Lifecycle Optimization Publishing,7.3,HIGH,0.0004600000102072954,false,false,false,false,false,false,false,2025-01-04T14:27:46.134Z,0
CVE-2024-41768,https://securityvulnerability.io/vulnerability/CVE-2024-41768,Remote Code Execution Vulnerability in IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3,"The IBM Engineering Lifecycle Optimization - Publishing versions 7.0.2 and 7.0.3 are susceptible to a vulnerability that allows remote attackers to exploit unhandled SSL exceptions. Such exploitation may lead to the connection entering an unexpected or insecure state, potentially impacting the integrity and confidentiality of data. The vulnerability poses significant risks for organizations relying on these versions, underscoring the importance of timely updates and patches to mitigate potential security threats.",IBM,Engineering Lifecycle Optimization Publishing,6.5,MEDIUM,0.0004600000102072954,false,false,false,false,false,false,false,2025-01-04T14:26:32.766Z,0
CVE-2024-39726,https://securityvulnerability.io/vulnerability/CVE-2024-39726,XML External Entity Injection Vulnerability in IBM Engineering Insights,"An XML External Entity Injection (XXE) vulnerability has been identified in IBM Engineering Lifecycle Optimization - Engineering Insights versions 7.0.2 and 7.0.3, which may allow remote attackers to exploit XML data processing weaknesses. This type of attack can lead to the exposure of sensitive information and may enable attackers to consume system memory resources, thereby impacting application performance and integrity.",IBM,Engineering Lifecycle Optimization - Engineering Insights,8.2,HIGH,0.0008699999889358878,false,false,false,false,,false,false,2024-11-15T17:15:00.000Z,0
CVE-2023-45188,https://securityvulnerability.io/vulnerability/CVE-2023-45188,Arbitrary File Upload Vulnerability Affects IBM Engineering Lifecycle Optimization Publishing,"IBM Engineering Lifecycle Optimization Publishing 7.0.2 and 7.03 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted request, a remote attacker could exploit this vulnerability to upload a malicious file, which could allow the attacker to execute arbitrary code on the vulnerable system. IBM X-Force ID: 268751.",IBM,Engineering Lifecycle Optimization Publishing,6.5,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-06-09T12:15:17.786Z,0
CVE-2023-45191,https://securityvulnerability.io/vulnerability/CVE-2023-45191,Inadequate Account Lockout Setting Exposes IBM Engineering Lifecycle Optimization to Brute Force Attacks,"IBM Engineering Lifecycle Optimization versions 7.0.2 and 7.0.3 feature an inadequate account lockout mechanism, allowing remote attackers to exploit this vulnerability. This security issue facilitates brute force attempts to compromise user credentials, posing significant risks to account integrity and overall system security. To mitigate potential unauthorized access, users are advised to review account security protocols and apply necessary updates as per IBM's recommendations.",IBM,Engineering Lifecycle Optimization - Publishing,7.5,HIGH,0.0007099999929778278,false,false,false,false,,false,false,2024-02-09T00:34:22.139Z,0
CVE-2023-45190,https://securityvulnerability.io/vulnerability/CVE-2023-45190,IBM Engineering Lifecycle Optimization Vulnerable to HTTP Header Injection,"IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 268754.",IBM,Engineering Lifecycle Optimization - Publishing,5.1,MEDIUM,0.0004600000102072954,false,false,false,false,,false,false,2024-02-09T00:32:06.397Z,0
CVE-2023-45187,https://securityvulnerability.io/vulnerability/CVE-2023-45187,Logout Not Working Properly: Impersonation Risk,IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 268749.,IBM,Engineering Lifecycle Optimization - Publishing,6.3,MEDIUM,0.000590000010561198,false,false,false,false,,false,false,2024-02-09T00:29:52.422Z,0
CVE-2021-39018,https://securityvulnerability.io/vulnerability/CVE-2021-39018,,"IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose sensitive information in a SQL error message that could aid in further attacks against the system. IBM X-Force ID: 213726.",IBM,Engineering Lifecycle Optimization Publishing,4.3,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2022-07-14T17:15:00.000Z,0
CVE-2021-39019,https://securityvulnerability.io/vulnerability/CVE-2021-39019,,"IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose highly sensitive information through an HTTP GET request to an authenticated user. IBM X-Force ID: 213728.",IBM,Engineering Lifecycle Optimization Publishing,6.5,MEDIUM,0.0005600000149570405,false,false,false,false,,false,false,2022-07-14T17:15:00.000Z,0
CVE-2021-39017,https://securityvulnerability.io/vulnerability/CVE-2021-39017,,"IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to upload arbitrary files, caused by improper access controls. IBM X-Force ID: 213725.",IBM,Engineering Lifecycle Optimization Publishing,5.7,MEDIUM,0.0008299999753944576,false,false,false,false,,false,false,2022-07-14T17:15:00.000Z,0
CVE-2021-39015,https://securityvulnerability.io/vulnerability/CVE-2021-39015,,"IBM Engineering Lifecycle Optimization - Publishing 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213655.",IBM,Engineering Lifecycle Optimization Publishing,5.4,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2022-07-14T17:15:00.000Z,0
CVE-2021-39028,https://securityvulnerability.io/vulnerability/CVE-2021-39028,,"IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 213866.",IBM,Engineering Lifecycle Optimization Publishing,5.4,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2022-07-14T17:15:00.000Z,0
CVE-2021-39016,https://securityvulnerability.io/vulnerability/CVE-2021-39016,,"IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the software to transmit more traffic than should be allowed for that actor. IBM X-Force ID: 213722.",IBM,Engineering Lifecycle Optimization Publishing,4.3,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2022-07-14T17:15:00.000Z,0
CVE-2021-29844,https://securityvulnerability.io/vulnerability/CVE-2021-29844,,"IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.",IBM,"Engineering Workflow Management,Rational Doors Next Generation,Rational Team Concert,Rational Engineering Lifecycle Manager,Engineering Lifecycle Optimization,Rational Collaborative Lifecycle Management",5.4,MEDIUM,0.0009200000204145908,false,false,false,false,,false,false,2021-10-27T16:15:00.000Z,0
CVE-2021-29774,https://securityvulnerability.io/vulnerability/CVE-2021-29774,,IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under certain configurations. IBM X-Force ID: 203025.,IBM,"Rational Collaborative Lifecycle Management,Engineering Lifecycle Optimization,Rational Engineering Lifecycle Manager,Rational Doors Next Generation,Rational Team Concert,Engineering Workflow Management",7.5,HIGH,0.0009200000204145908,false,false,false,false,,false,false,2021-10-27T16:15:00.000Z,0
CVE-2021-29786,https://securityvulnerability.io/vulnerability/CVE-2021-29786,,IBM Jazz Team Server products stores user credentials in clear text which can be read by an authenticated user. IBM X-Force ID: 203172.,IBM,"Engineering Lifecycle Optimization,Rational Collaborative Lifecycle Management,Rational Team Concert,Rational Doors Next Generation,Rational Engineering Lifecycle Manager,Engineering Workflow Management",6.5,MEDIUM,0.0005600000149570405,false,false,false,false,,false,false,2021-10-27T16:15:00.000Z,0
CVE-2021-29673,https://securityvulnerability.io/vulnerability/CVE-2021-29673,,IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199482.,IBM,"Rational Team Concert,Rational Doors Next Generation,Rational Engineering Lifecycle Manager,Engineering Workflow Management,Engineering Lifecycle Optimization,Rational Collaborative Lifecycle Management",5.4,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2021-10-27T16:15:00.000Z,0
CVE-2021-29713,https://securityvulnerability.io/vulnerability/CVE-2021-29713,,IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.,IBM,"Rational Collaborative Lifecycle Management,Engineering Lifecycle Optimization,Rational Engineering Lifecycle Manager,Rational Doors Next Generation,Rational Team Concert,Engineering Workflow Management",5.4,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2021-10-27T16:15:00.000Z,0
CVE-2020-5004,https://securityvulnerability.io/vulnerability/CVE-2020-5004,,IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192957.,IBM,"Rational Team Concert,Rational Quality Manager,Engineering Test Management,Engineering Workflow Management,Rational Doors Next Generation,Rational Collaborative Lifecycle Management,Rational Engineering Lifecycle Manager,Engineering Lifecycle Optimization",5.4,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2021-07-28T13:15:00.000Z,0
CVE-2020-4974,https://securityvulnerability.io/vulnerability/CVE-2020-4974,,"IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 192434.",IBM,"Engineering Test Management,Rational Team Concert,Rational Quality Manager,Rational Doors Next Generation,Rational Collaborative Lifecycle Management,Engineering Workflow Management,Engineering Lifecycle Optimization,Rational Engineering Lifecycle Manager",6.3,MEDIUM,0.0007200000109151006,false,false,false,false,,false,false,2021-07-28T13:15:00.000Z,0
CVE-2021-20507,https://securityvulnerability.io/vulnerability/CVE-2021-20507,,IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198235.,IBM,"Engineering Workflow Management,Rational Team Concert,Rational Engineering Lifecycle Manager,Rational Doors Next Generation,Engineering Lifecycle Optimization,Rational Collaborative Lifecycle Management",5.4,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2021-07-19T16:15:00.000Z,0
CVE-2020-5031,https://securityvulnerability.io/vulnerability/CVE-2020-5031,,IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 193738.,IBM,"Engineering Workflow Management,Rational Team Concert,Rational Engineering Lifecycle Manager,Rational Doors Next Generation,Engineering Lifecycle Optimization,Rational Collaborative Lifecycle Management",5.4,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2021-07-19T16:15:00.000Z,0