cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-41763,https://securityvulnerability.io/vulnerability/CVE-2024-41763,Weak Cryptographic Algorithms in IBM Engineering Lifecycle Optimization - Publishing Affecting Security,"The vulnerability associated with IBM Engineering Lifecycle Optimization - Publishing pertains to the use of cryptographic algorithms that do not meet current security standards. As a result, an attacker could potentially decrypt highly sensitive information, leading to unauthorized access and data breaches. This weakness emphasizes the critical need for updating and strengthening cryptographic practices in software development to safeguard user data and maintain security integrity.",IBM,Engineering Lifecycle Optimization Publishing,5.9,MEDIUM,0.0008699999889358878,false,,false,false,false,,false,false,false,,2025-01-04T14:38:06.836Z,0
CVE-2024-41766,https://securityvulnerability.io/vulnerability/CVE-2024-41766,Denial of Service Vulnerability in IBM Engineering Lifecycle Optimization Products,"The vulnerability in IBM Engineering Lifecycle Optimization - Publishing versions 7.0.2 and 7.0.3 involves the use of complex regular expressions that can be manipulated by remote attackers. Successfully exploiting this flaw could lead to a denial of service, negatively impacting the availability of the affected products and disrupting business continuity. Organizations utilizing these versions should take immediate steps to address this issue and enhance their security posture.",IBM,Engineering Lifecycle Optimization Publishing,7.5,HIGH,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-01-04T14:37:08.203Z,0
CVE-2024-41765,https://securityvulnerability.io/vulnerability/CVE-2024-41765,Directory Traversal Vulnerability in IBM Engineering Lifecycle Optimization,"A directory traversal vulnerability exists in IBM Engineering Lifecycle Optimization - Publishing versions 7.0.2 and 7.0.3. This issue enables remote attackers to exploit specially crafted URL requests containing 'dot dot' sequences (/../). By doing so, attackers gain unauthorized access to arbitrary files within the system, potentially exposing sensitive information. It highlights the need for stringent input validation and proper access controls to mitigate such threats and safeguard sensitive data.",IBM,Engineering Lifecycle Optimization Publishing,6.5,MEDIUM,0.0005000000237487257,false,,false,false,false,,false,false,false,,2025-01-04T14:36:13.416Z,0
CVE-2024-41767,https://securityvulnerability.io/vulnerability/CVE-2024-41767,SQL Injection Vulnerability in IBM Engineering Lifecycle Optimization - Publishing,"The SQL injection vulnerability in IBM Engineering Lifecycle Optimization - Publishing affects versions 7.0.2 and 7.0.3. This security issue arises when a remote attacker exploits weaknesses in the application by sending specially crafted SQL statements. By doing so, the attacker may gain unauthorized access to the back-end database, potentially allowing them to view, add, modify, or delete critical information. Organizations using these versions are advised to apply the latest security patches and adopt best practices to mitigate the risks associated with SQL injection attacks.",IBM,Engineering Lifecycle Optimization Publishing,7.3,HIGH,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-01-04T14:27:46.134Z,0
CVE-2024-41768,https://securityvulnerability.io/vulnerability/CVE-2024-41768,Remote Code Execution Vulnerability in IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3,"The IBM Engineering Lifecycle Optimization - Publishing versions 7.0.2 and 7.0.3 are susceptible to a vulnerability that allows remote attackers to exploit unhandled SSL exceptions. Such exploitation may lead to the connection entering an unexpected or insecure state, potentially impacting the integrity and confidentiality of data. The vulnerability poses significant risks for organizations relying on these versions, underscoring the importance of timely updates and patches to mitigate potential security threats.",IBM,Engineering Lifecycle Optimization Publishing,6.5,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-01-04T14:26:32.766Z,0
CVE-2023-45188,https://securityvulnerability.io/vulnerability/CVE-2023-45188,Arbitrary File Upload Vulnerability Affects IBM Engineering Lifecycle Optimization Publishing,"IBM Engineering Lifecycle Optimization Publishing 7.0.2 and 7.03 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted request, a remote attacker could exploit this vulnerability to upload a malicious file, which could allow the attacker to execute arbitrary code on the vulnerable system. IBM X-Force ID: 268751.",IBM,Engineering Lifecycle Optimization Publishing,6.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-06-09T12:15:17.786Z,0
CVE-2023-45191,https://securityvulnerability.io/vulnerability/CVE-2023-45191,Inadequate Account Lockout Setting Exposes IBM Engineering Lifecycle Optimization to Brute Force Attacks,"IBM Engineering Lifecycle Optimization versions 7.0.2 and 7.0.3 feature an inadequate account lockout mechanism, allowing remote attackers to exploit this vulnerability. This security issue facilitates brute force attempts to compromise user credentials, posing significant risks to account integrity and overall system security. To mitigate potential unauthorized access, users are advised to review account security protocols and apply necessary updates as per IBM's recommendations.",IBM,Engineering Lifecycle Optimization - Publishing,7.5,HIGH,0.0007099999929778278,false,,false,false,false,,,false,false,,2024-02-09T00:34:22.139Z,0
CVE-2023-45190,https://securityvulnerability.io/vulnerability/CVE-2023-45190,IBM Engineering Lifecycle Optimization Vulnerable to HTTP Header Injection,"IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 268754.",IBM,Engineering Lifecycle Optimization - Publishing,5.1,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-02-09T00:32:06.397Z,0
CVE-2023-45187,https://securityvulnerability.io/vulnerability/CVE-2023-45187,Logout Not Working Properly: Impersonation Risk,IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 268749.,IBM,Engineering Lifecycle Optimization - Publishing,6.3,MEDIUM,0.000590000010561198,false,,false,false,false,,,false,false,,2024-02-09T00:29:52.422Z,0
CVE-2021-39028,https://securityvulnerability.io/vulnerability/CVE-2021-39028,HTTP Header Injection Vulnerability in IBM Engineering Lifecycle Optimization,"The IBM Engineering Lifecycle Optimization - Publishing product is susceptible to an HTTP header injection vulnerability due to inadequate validation of the HOST headers. This weakness allows attackers to potentially execute a variety of hostile actions, including cross-site scripting (XSS), cache poisoning, and session hijacking, thus compromising the security and integrity of the application.",IBM,Engineering Lifecycle Optimization Publishing,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2022-07-14T17:15:00.000Z,0
CVE-2021-39016,https://securityvulnerability.io/vulnerability/CVE-2021-39016,Excessive Traffic Control Vulnerability in IBM Engineering Lifecycle Optimization,"IBM Engineering Lifecycle Optimization - Publishing versions 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 have a vulnerability that arises from inadequate monitoring and control of transmitted network traffic volume. This oversight enables a potential actor to generate and transmit larger volumes of traffic than permitted, which could affect the application's performance and security. Organizations utilizing these versions should assess their exposure and implement appropriate measures to mitigate the risks associated with this vulnerability.",IBM,Engineering Lifecycle Optimization Publishing,4.3,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2022-07-14T17:15:00.000Z,0
CVE-2021-39019,https://securityvulnerability.io/vulnerability/CVE-2021-39019,Information Disclosure Vulnerability in IBM Engineering Lifecycle Optimization,"IBM Engineering Lifecycle Optimization - Publishing versions 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 potentially expose sensitive information to authenticated users through improperly secured HTTP GET requests. This vulnerability may allow attackers with access to specific user accounts to access confidential data, thereby increasing risks related to data confidentiality and integrity. For more details, refer to the IBM support page and the IBM X-Force vulnerability database entry.",IBM,Engineering Lifecycle Optimization Publishing,6.5,MEDIUM,0.0005600000149570405,false,,false,false,false,,,false,false,,2022-07-14T17:15:00.000Z,0
CVE-2021-39018,https://securityvulnerability.io/vulnerability/CVE-2021-39018,SQL Injection Vulnerability in IBM Engineering Lifecycle Optimization Product,"IBM Engineering Lifecycle Optimization - Publishing versions 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 are susceptible to a SQL injection vulnerability that can potentially expose sensitive information through error messages generated by SQL queries. This exposure could provide attackers with critical insights that facilitate further exploitation of the system. Organizations using these affected versions should urgently review and apply the necessary updates to mitigate the risk.",IBM,Engineering Lifecycle Optimization Publishing,4.3,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2022-07-14T17:15:00.000Z,0
CVE-2021-39015,https://securityvulnerability.io/vulnerability/CVE-2021-39015,Cross-Site Scripting Vulnerability in IBM Engineering Lifecycle Optimization - Publishing,"IBM Engineering Lifecycle Optimization - Publishing versions 7.0, 7.0.1, and 7.0.2 are susceptible to a cross-site scripting vulnerability. This flaw allows attackers to inject malicious JavaScript code into the web interface. When executed, this code can alter the normal functioning of the application, potentially leading to unauthorized actions, including credential disclosure within a trusted user session. It is incumbent upon users to secure their applications against this vulnerability to prevent exploitation.",IBM,Engineering Lifecycle Optimization Publishing,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2022-07-14T17:15:00.000Z,0
CVE-2021-39017,https://securityvulnerability.io/vulnerability/CVE-2021-39017,File Upload Vulnerability in IBM Engineering Lifecycle Optimization Products,"A vulnerability exists in IBM Engineering Lifecycle Optimization - Publishing that may allow a remote attacker to upload arbitrary files due to improper access controls. This issue affects multiple versions, potentially leading to unauthorized access or system compromise. Organizations using affected versions should take immediate steps to address this vulnerability by applying available security patches.",IBM,Engineering Lifecycle Optimization Publishing,5.7,MEDIUM,0.0008299999753944576,false,,false,false,false,,,false,false,,2022-07-14T17:15:00.000Z,0