cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-41763,https://securityvulnerability.io/vulnerability/CVE-2024-41763,Weak Cryptographic Algorithms in IBM Engineering Lifecycle Optimization - Publishing Affecting Security,"The vulnerability associated with IBM Engineering Lifecycle Optimization - Publishing pertains to the use of cryptographic algorithms that do not meet current security standards. As a result, an attacker could potentially decrypt highly sensitive information, leading to unauthorized access and data breaches. This weakness emphasizes the critical need for updating and strengthening cryptographic practices in software development to safeguard user data and maintain security integrity.",IBM,Engineering Lifecycle Optimization Publishing,5.9,MEDIUM,0.0008699999889358878,false,false,false,false,false,false,false,2025-01-04T14:38:06.836Z,0
CVE-2024-41766,https://securityvulnerability.io/vulnerability/CVE-2024-41766,Denial of Service Vulnerability in IBM Engineering Lifecycle Optimization Products,"The vulnerability in IBM Engineering Lifecycle Optimization - Publishing versions 7.0.2 and 7.0.3 involves the use of complex regular expressions that can be manipulated by remote attackers. Successfully exploiting this flaw could lead to a denial of service, negatively impacting the availability of the affected products and disrupting business continuity. Organizations utilizing these versions should take immediate steps to address this issue and enhance their security posture.",IBM,Engineering Lifecycle Optimization Publishing,7.5,HIGH,0.0004600000102072954,false,false,false,false,false,false,false,2025-01-04T14:37:08.203Z,0
CVE-2024-41765,https://securityvulnerability.io/vulnerability/CVE-2024-41765,Directory Traversal Vulnerability in IBM Engineering Lifecycle Optimization,"A directory traversal vulnerability exists in IBM Engineering Lifecycle Optimization - Publishing versions 7.0.2 and 7.0.3. This issue enables remote attackers to exploit specially crafted URL requests containing 'dot dot' sequences (/../). By doing so, attackers gain unauthorized access to arbitrary files within the system, potentially exposing sensitive information. It highlights the need for stringent input validation and proper access controls to mitigate such threats and safeguard sensitive data.",IBM,Engineering Lifecycle Optimization Publishing,6.5,MEDIUM,0.0005000000237487257,false,false,false,false,false,false,false,2025-01-04T14:36:13.416Z,0
CVE-2024-41767,https://securityvulnerability.io/vulnerability/CVE-2024-41767,SQL Injection Vulnerability in IBM Engineering Lifecycle Optimization - Publishing,"The SQL injection vulnerability in IBM Engineering Lifecycle Optimization - Publishing affects versions 7.0.2 and 7.0.3. This security issue arises when a remote attacker exploits weaknesses in the application by sending specially crafted SQL statements. By doing so, the attacker may gain unauthorized access to the back-end database, potentially allowing them to view, add, modify, or delete critical information. Organizations using these versions are advised to apply the latest security patches and adopt best practices to mitigate the risks associated with SQL injection attacks.",IBM,Engineering Lifecycle Optimization Publishing,7.3,HIGH,0.0004600000102072954,false,false,false,false,false,false,false,2025-01-04T14:27:46.134Z,0
CVE-2024-41768,https://securityvulnerability.io/vulnerability/CVE-2024-41768,Remote Code Execution Vulnerability in IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3,"The IBM Engineering Lifecycle Optimization - Publishing versions 7.0.2 and 7.0.3 are susceptible to a vulnerability that allows remote attackers to exploit unhandled SSL exceptions. Such exploitation may lead to the connection entering an unexpected or insecure state, potentially impacting the integrity and confidentiality of data. The vulnerability poses significant risks for organizations relying on these versions, underscoring the importance of timely updates and patches to mitigate potential security threats.",IBM,Engineering Lifecycle Optimization Publishing,6.5,MEDIUM,0.0004600000102072954,false,false,false,false,false,false,false,2025-01-04T14:26:32.766Z,0
CVE-2023-45188,https://securityvulnerability.io/vulnerability/CVE-2023-45188,Arbitrary File Upload Vulnerability Affects IBM Engineering Lifecycle Optimization Publishing,"IBM Engineering Lifecycle Optimization Publishing 7.0.2 and 7.03 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted request, a remote attacker could exploit this vulnerability to upload a malicious file, which could allow the attacker to execute arbitrary code on the vulnerable system. IBM X-Force ID: 268751.",IBM,Engineering Lifecycle Optimization Publishing,6.5,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-06-09T12:15:17.786Z,0
CVE-2023-45191,https://securityvulnerability.io/vulnerability/CVE-2023-45191,Inadequate Account Lockout Setting Exposes IBM Engineering Lifecycle Optimization to Brute Force Attacks,"IBM Engineering Lifecycle Optimization versions 7.0.2 and 7.0.3 feature an inadequate account lockout mechanism, allowing remote attackers to exploit this vulnerability. This security issue facilitates brute force attempts to compromise user credentials, posing significant risks to account integrity and overall system security. To mitigate potential unauthorized access, users are advised to review account security protocols and apply necessary updates as per IBM's recommendations.",IBM,Engineering Lifecycle Optimization - Publishing,7.5,HIGH,0.0007099999929778278,false,false,false,false,,false,false,2024-02-09T00:34:22.139Z,0
CVE-2023-45190,https://securityvulnerability.io/vulnerability/CVE-2023-45190,IBM Engineering Lifecycle Optimization Vulnerable to HTTP Header Injection,"IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 268754.",IBM,Engineering Lifecycle Optimization - Publishing,5.1,MEDIUM,0.0004600000102072954,false,false,false,false,,false,false,2024-02-09T00:32:06.397Z,0
CVE-2023-45187,https://securityvulnerability.io/vulnerability/CVE-2023-45187,Logout Not Working Properly: Impersonation Risk,IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 268749.,IBM,Engineering Lifecycle Optimization - Publishing,6.3,MEDIUM,0.0004900000058114529,false,false,false,false,,false,false,2024-02-09T00:29:52.422Z,0
CVE-2021-39016,https://securityvulnerability.io/vulnerability/CVE-2021-39016,,"IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the software to transmit more traffic than should be allowed for that actor. IBM X-Force ID: 213722.",IBM,Engineering Lifecycle Optimization Publishing,4.3,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2022-07-14T17:15:00.000Z,0
CVE-2021-39017,https://securityvulnerability.io/vulnerability/CVE-2021-39017,,"IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to upload arbitrary files, caused by improper access controls. IBM X-Force ID: 213725.",IBM,Engineering Lifecycle Optimization Publishing,5.7,MEDIUM,0.0008299999753944576,false,false,false,false,,false,false,2022-07-14T17:15:00.000Z,0
CVE-2021-39015,https://securityvulnerability.io/vulnerability/CVE-2021-39015,,"IBM Engineering Lifecycle Optimization - Publishing 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213655.",IBM,Engineering Lifecycle Optimization Publishing,5.4,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2022-07-14T17:15:00.000Z,0
CVE-2021-39028,https://securityvulnerability.io/vulnerability/CVE-2021-39028,,"IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 213866.",IBM,Engineering Lifecycle Optimization Publishing,5.4,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2022-07-14T17:15:00.000Z,0
CVE-2021-39019,https://securityvulnerability.io/vulnerability/CVE-2021-39019,,"IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose highly sensitive information through an HTTP GET request to an authenticated user. IBM X-Force ID: 213728.",IBM,Engineering Lifecycle Optimization Publishing,6.5,MEDIUM,0.0005600000149570405,false,false,false,false,,false,false,2022-07-14T17:15:00.000Z,0
CVE-2021-39018,https://securityvulnerability.io/vulnerability/CVE-2021-39018,,"IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose sensitive information in a SQL error message that could aid in further attacks against the system. IBM X-Force ID: 213726.",IBM,Engineering Lifecycle Optimization Publishing,4.3,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2022-07-14T17:15:00.000Z,0