cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-41757,https://securityvulnerability.io/vulnerability/CVE-2024-41757,Information Disclosure Vulnerability in IBM Concert Software,"IBM Concert Software versions 1.0.0 and 1.0.1 are vulnerable due to inadequate implementation of HTTP Strict Transport Security (HSTS). This oversight can be exploited by remote attackers using man-in-the-middle techniques, potentially leading to the exposure of sensitive information. Properly configuring HSTS is critical to safeguard against unauthorized data interception.",IBM,Concert Software,5.9,MEDIUM,0.0008699999889358878,false,,false,false,false,,false,false,false,,2025-01-24T15:14:50.440Z,0
CVE-2024-49354,https://securityvulnerability.io/vulnerability/CVE-2024-49354,Sensitive Information Disclosure in IBM Concert API,"IBM Concert versions 1.0.0, 1.0.1, and 1.0.2 are susceptible to a vulnerability that allows an attacker to exploit specially crafted API calls to disclose sensitive information. This issue requires immediate attention to prevent unauthorized access and ensure data confidentiality.",IBM,Concert Software,5.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-01-18T15:17:06.309Z,0
CVE-2024-52893,https://securityvulnerability.io/vulnerability/CVE-2024-52893,Information Disclosure Vulnerability in IBM Concert Software,IBM Concert Software versions 1.0.0 through 1.0.3 may inadvertently expose sensitive information through detailed technical error messages. This information can be leveraged by remote attackers for further exploits against the system's security. It is crucial for administrators to implement proper error handling and apply available patches to mitigate the risks associated with this vulnerability.,IBM,Concert Software,5.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-01-07T12:00:41.835Z,0
CVE-2024-52366,https://securityvulnerability.io/vulnerability/CVE-2024-52366,Information Disclosure Vulnerability in IBM Concert Software,"IBM Concert Software versions 1.0.0 through 1.0.3 are susceptible to an information disclosure vulnerability due to improper implementation of HTTP Strict Transport Security (HSTS). This weakness allows remote attackers to engage in man-in-the-middle attacks, potentially enabling them to intercept and obtain sensitive information transmitted over the network. It is critical for users and organizations relying on this software to review and implement necessary security measures to mitigate these risks.",IBM,Concert Software,5.9,MEDIUM,0.0008699999889358878,false,,false,false,false,,false,false,false,,2025-01-07T11:59:53.385Z,0
CVE-2024-52891,https://securityvulnerability.io/vulnerability/CVE-2024-52891,Information Injection Vulnerability in IBM Concert Software,"IBM Concert Software versions 1.0.0 through 1.0.3 have a security vulnerability that permits authenticated users to inject malicious payloads or gain unauthorized access to sensitive information through log files due to inadequate log neutralization. This flaw can compromise the integrity of log data and expose sensitive operations within the software, emphasizing the need for prompt remediation.",IBM,Concert Software,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-07T11:58:13.671Z,0
CVE-2024-52367,https://securityvulnerability.io/vulnerability/CVE-2024-52367,Sensitive Information Disclosure in IBM Concert Software,"IBM Concert Software versions 1.0.0 through 1.0.3 are susceptible to a vulnerability that may allow unauthorized individuals to access sensitive system information. This exposure could be leveraged by malicious actors to conduct further attacks against the system, highlighting the need for users to apply the latest security updates to mitigate potential risks.",IBM,Concert Software,5.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-01-07T11:55:11.030Z,0
CVE-2024-37070,https://securityvulnerability.io/vulnerability/CVE-2024-37070,Concert Software Vulnerabilities Could Lead to Sensitive Data Exposure,"IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system.",IBM,Concert Software,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-19T19:24:02.919Z,0
CVE-2024-43189,https://securityvulnerability.io/vulnerability/CVE-2024-43189,IBM Concert Software Vulnerability Could Lead to Sensitive Information Theft,"IBM Concert Software 1.0.0 through 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.",IBM,Concert Software,5.9,MEDIUM,0.0008699999889358878,false,,false,false,false,,,false,false,,2024-11-15T14:51:54.421Z,0
CVE-2024-41785,https://securityvulnerability.io/vulnerability/CVE-2024-41785,IBM Concert Software vulnerable to Cross-Site Scripting,IBM Concert Software 1.0.0 through 1.0.1 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.,IBM,Concert Software,6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-11-15T14:43:17.585Z,0
CVE-2024-43177,https://securityvulnerability.io/vulnerability/CVE-2024-43177,Cookie Management Flaw in IBM Concert Products,"IBM Concert versions 1.0.0 and 1.0.1 are impacted by a vulnerability that stems from improper handling of cookies lacking the SameSite attribute. This oversight may expose users to various security threats, such as cross-site request forgery (CSRF) attacks, where malicious third parties could exploit the lack of cookie restrictions to execute unauthorized actions. Organizations using these versions are advised to implement necessary mitigations and consider updates from IBM to enhance their security posture.",IBM,Concert,9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,,false,false,,2024-10-22T15:15:00.000Z,0
CVE-2024-43173,https://securityvulnerability.io/vulnerability/CVE-2024-43173,Vulnerability in IBM Concert Affecting Cookie Management,"IBM Concert versions 1.0.0 and 1.0.1 have a vulnerability related to cookie management that allows for potential exploitation by leveraging the absence of the SameSite attribute in cookies. This flaw enables malicious entities to perform cross-site request forgery (CSRF) and similar attacks, highlighting the necessity for developers to implement secure cookie practices to mitigate such risks. Immediate measures should be taken to update to safer coding standards to ensure user data protection and system integrity.",IBM,Concert,3.7,LOW,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-10-22T15:15:00.000Z,0
CVE-2024-43180,https://securityvulnerability.io/vulnerability/CVE-2024-43180,"IBM Concert 1.0 Security Vulnerability: Token and Session Cookie Exposure",IBM Concert 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic.,IBM,Concert,4.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-09-13T01:24:07.230Z,0
CVE-2020-4989,https://securityvulnerability.io/vulnerability/CVE-2020-4989,Sensitive Information Exposure in IBM Engineering Workflow Management and Rational Team Concert,"An authenticated user could exploit a vulnerability in IBM Engineering Workflow Management and IBM Rational Team Concert to gain unauthorized access to sensitive information regarding build definitions. This exposure may lead to potential data leakage, compromising the integrity and confidentiality of the information managed by these tools.",IBM,"Engineering Workflow Management,Rational Team Concert",4.3,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2022-03-15T17:15:00.000Z,0
CVE-2021-29701,https://securityvulnerability.io/vulnerability/CVE-2021-29701,Sensitive Information Disclosure in IBM Engineering Workflow Management and Rational Team Concert,"IBM Engineering Workflow Management and IBM Rational Team Concert contain a vulnerability that allows authenticated attackers to access sensitive information from build definitions. This exposure may facilitate additional attacks against the system, posing a risk to the confidentiality and integrity of the affected environments. It is recommended to review build configurations and monitor for unusual access patterns to mitigate potential threats.",IBM,"Engineering Workflow Management,Rational Team Concert",4.3,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2022-01-11T17:15:00.000Z,0
CVE-2021-29844,https://securityvulnerability.io/vulnerability/CVE-2021-29844,Server-Side Request Forgery Vulnerability in IBM Jazz Team Server,"IBM Jazz Team Server products are susceptible to a server-side request forgery (SSRF) vulnerability. An attacker with authentication privileges can exploit this flaw to orchestrate unauthorized requests from the server. This may lead to sensitive data exposure, enabling attackers to perform network enumeration and potentially facilitate further security breaches. Addressing this security issue is critical to maintaining the integrity and confidentiality of affected systems.",IBM,"Engineering Workflow Management,Rational Doors Next Generation,Rational Team Concert,Rational Engineering Lifecycle Manager,Engineering Lifecycle Optimization,Rational Collaborative Lifecycle Management",5.4,MEDIUM,0.0009200000204145908,false,,false,false,false,,,false,false,,2021-10-27T16:15:00.000Z,0
CVE-2021-29786,https://securityvulnerability.io/vulnerability/CVE-2021-29786,Clear Text Credential Storage in IBM Jazz Team Server,"IBM Jazz Team Server products have a security flaw where user credentials are stored in clear text, allowing an authenticated user to access sensitive information. This oversight poses a significant risk to user data integrity and confidentiality. Protection measures should be considered to prevent unauthorized access to such credentials, thereby securing the application environment.",IBM,"Engineering Lifecycle Optimization,Rational Collaborative Lifecycle Management,Rational Team Concert,Rational Doors Next Generation,Rational Engineering Lifecycle Manager,Engineering Workflow Management",6.5,MEDIUM,0.0005600000149570405,false,,false,false,false,,,false,false,,2021-10-27T16:15:00.000Z,0
CVE-2021-29673,https://securityvulnerability.io/vulnerability/CVE-2021-29673,Cross-Site Scripting Vulnerability in IBM Jazz Team Server,"IBM Jazz Team Server is susceptible to a cross-site scripting vulnerability that permits attackers to inject arbitrary JavaScript code into the web user interface. This security flaw can manipulate the expected behaviors of the application, potentially allowing the compromise of user credentials during a trusted session. For more details, refer to the official IBM documentation and the X-Force vulnerability database.",IBM,"Rational Team Concert,Rational Doors Next Generation,Rational Engineering Lifecycle Manager,Engineering Workflow Management,Engineering Lifecycle Optimization,Rational Collaborative Lifecycle Management",5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2021-10-27T16:15:00.000Z,0
CVE-2021-29713,https://securityvulnerability.io/vulnerability/CVE-2021-29713,Cross-Site Scripting Vulnerability in IBM Jazz Team Server,"IBM Jazz Team Server is susceptible to a cross-site scripting vulnerability that permits malicious users to inject arbitrary JavaScript into the web interface. This flaw can modify the expected functionality of the application, potentially leading to the disclosure of sensitive credentials in the context of an authenticated user session, thus posing significant security risks.",IBM,"Rational Collaborative Lifecycle Management,Engineering Lifecycle Optimization,Rational Engineering Lifecycle Manager,Rational Doors Next Generation,Rational Team Concert,Engineering Workflow Management",5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2021-10-27T16:15:00.000Z,0
CVE-2021-29774,https://securityvulnerability.io/vulnerability/CVE-2021-29774,Privilege Escalation in IBM Jazz Team Server Products,"IBM Jazz Team Server products are susceptible to a vulnerability that enables an authenticated user to acquire elevated privileges under specific configurations. This misconfiguration could lead to unauthorized access and actions within the affected system, potentially compromising sensitive data and operations. It is crucial for users to review their configurations and apply necessary security measures to mitigate this risk.",IBM,"Rational Collaborative Lifecycle Management,Engineering Lifecycle Optimization,Rational Engineering Lifecycle Manager,Rational Doors Next Generation,Rational Team Concert,Engineering Workflow Management",7.5,HIGH,0.0009200000204145908,false,,false,false,false,,,false,false,,2021-10-27T16:15:00.000Z,0
CVE-2020-4974,https://securityvulnerability.io/vulnerability/CVE-2020-4974,,"IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 192434.",IBM,"Engineering Test Management,Rational Team Concert,Rational Quality Manager,Rational Doors Next Generation,Rational Collaborative Lifecycle Management,Engineering Workflow Management,Engineering Lifecycle Optimization,Rational Engineering Lifecycle Manager",6.3,MEDIUM,0.0007200000109151006,false,,false,false,false,,,false,false,,2021-07-28T13:15:00.000Z,0
CVE-2020-5004,https://securityvulnerability.io/vulnerability/CVE-2020-5004,,IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192957.,IBM,"Rational Team Concert,Rational Quality Manager,Engineering Test Management,Engineering Workflow Management,Rational Doors Next Generation,Rational Collaborative Lifecycle Management,Rational Engineering Lifecycle Manager,Engineering Lifecycle Optimization",5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2021-07-28T13:15:00.000Z,0
CVE-2020-5031,https://securityvulnerability.io/vulnerability/CVE-2020-5031,,IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 193738.,IBM,"Engineering Workflow Management,Rational Team Concert,Rational Engineering Lifecycle Manager,Rational Doors Next Generation,Engineering Lifecycle Optimization,Rational Collaborative Lifecycle Management",5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2021-07-19T16:15:00.000Z,0
CVE-2021-20507,https://securityvulnerability.io/vulnerability/CVE-2021-20507,,IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198235.,IBM,"Engineering Workflow Management,Rational Team Concert,Rational Engineering Lifecycle Manager,Rational Doors Next Generation,Engineering Lifecycle Optimization,Rational Collaborative Lifecycle Management",5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2021-07-19T16:15:00.000Z,0
CVE-2020-4920,https://securityvulnerability.io/vulnerability/CVE-2020-4920,,IBM Jazz Team Server products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191396.,IBM,"Rational Engineering Lifecycle Manager,Rational Quality Manager,Rational Team Concert,Rational Collaborative Lifecycle Management,Rational Doors Next Generation,Engineering Test Management,Engineering Lifecycle Optimization,Engineering Workflow Management,Rational Rhapsody Model Manager",6.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2021-04-12T18:15:00.000Z,0
CVE-2020-4964,https://securityvulnerability.io/vulnerability/CVE-2020-4964,,IBM Jazz Team Server products contain an undisclosed vulnerability that could allow an authenticated user to present a customized message on the application which could be used to phish other users. IBM X-Force ID: 192419.,IBM,"Rational Rhapsody Model Manager,Engineering Lifecycle Optimization,Engineering Workflow Management,Rational Collaborative Lifecycle Management,Rational Doors Next Generation,Engineering Test Management,Rational Engineering Lifecycle Manager,Rational Quality Manager,Rational Team Concert",4.3,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2021-04-12T18:15:00.000Z,0