cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2021-38868,https://securityvulnerability.io/vulnerability/CVE-2021-38868,Cross-Site Request Forgery Vulnerability in IBM Engineering Requirements Quality Assistant,"IBM Engineering Requirements Quality Assistant On-Premises is susceptible to cross-site request forgery, a vulnerability that could allow attackers to perform unauthorized actions by exploiting the trust a website places in authenticated users. This could lead to significant security risks, as malicious operations may be executed without the knowledge of users engaged with the platform. It is crucial for organizations using this software to review their configurations and apply recommended security patches to mitigate this risk.",IBM,Engineering Requirements Quality Assistant On-premises,6.5,MEDIUM,0.0005600000149570405,false,,false,false,false,,,false,false,,2022-07-18T18:15:00.000Z,0
CVE-2021-29788,https://securityvulnerability.io/vulnerability/CVE-2021-29788,Cross-Site Scripting Vulnerability in IBM Engineering Requirements Quality Assistant,"IBM Engineering Requirements Quality Assistant On-Premises is susceptible to cross-site scripting (XSS), enabling potential attackers to inject arbitrary JavaScript code into the web interface. This manipulation can lead to the alteration of expected functionality, which may facilitate the disclosure of sensitive information like user credentials during trusted sessions. To safeguard against this vulnerability, users should apply patches and adhere to best security practices.",IBM,Engineering Requirements Quality Assistant On-premises,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2022-07-18T18:15:00.000Z,0
CVE-2021-29790,https://securityvulnerability.io/vulnerability/CVE-2021-29790,Cross-Site Scripting Vulnerability in IBM Engineering Requirements Quality Assistant,IBM Engineering Requirements Quality Assistant On-Premises is affected by a cross-site scripting vulnerability that allows attackers to inject arbitrary JavaScript code via the Web UI. This could significantly alter the application's intended functionality and may lead to the disclosure of user credentials during a trusted session. Users of affected versions should implement security measures to prevent exploitation.,IBM,Engineering Requirements Quality Assistant On-premises,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2022-07-18T18:15:00.000Z,0
CVE-2021-29799,https://securityvulnerability.io/vulnerability/CVE-2021-29799,Sensitive Information Exposure in IBM Engineering Requirements Quality Assistant,"The IBM Engineering Requirements Quality Assistant On-Premises is susceptible to a vulnerability that allows an authenticated user to acquire sensitive information due to improper validation on the client side. This flaw may lead to unauthorized access to confidential data, which could compromise the integrity and confidentiality of the application's information management.",IBM,Engineering Requirements Quality Assistant On-premises,6.5,MEDIUM,0.0005600000149570405,false,,false,false,false,,,false,false,,2022-07-18T18:15:00.000Z,0
CVE-2021-29899,https://securityvulnerability.io/vulnerability/CVE-2021-29899,Denial of Service Vulnerability in IBM Engineering Requirements Quality Assistant,"IBM Engineering Requirements Quality Assistant prior to version 3.1.3 is vulnerable to a Denial of Service (DoS) attack. An authenticated user could exploit this vulnerability to disrupt the availability of the service, potentially leaving it inaccessible to legitimate users. Organizations using affected versions should consider upgrading to mitigate the risk of service interruption. For further information, refer to the official IBM documentation and vulnerability database entries.",IBM,Engineering Requirements Quality Assistant,6.5,MEDIUM,0.0007600000244565308,false,,false,false,false,,,false,false,,2022-03-18T16:15:00.000Z,0
CVE-2020-4663,https://securityvulnerability.io/vulnerability/CVE-2020-4663,,IBM Engineering Requirements Quality Assistant On-Premises is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186234.,IBM,Engineering Requirements Quality Assistant,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2021-01-08T15:15:00.000Z,0
CVE-2020-4667,https://securityvulnerability.io/vulnerability/CVE-2020-4667,,IBM Engineering Requirements Quality Assistant On-Premises could allow an authenticated user to obtain sensitive information due to improper input validation. IBM X-Force ID: 186282.,IBM,Engineering Requirements Quality Assistant,4.3,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2021-01-08T15:15:00.000Z,0
CVE-2020-4666,https://securityvulnerability.io/vulnerability/CVE-2020-4666,,IBM Engineering Requirements Quality Assistant On-Premises is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186281.,IBM,Engineering Requirements Quality Assistant,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2021-01-08T15:15:00.000Z,0
CVE-2020-4664,https://securityvulnerability.io/vulnerability/CVE-2020-4664,,IBM Engineering Requirements Quality Assistant On-Premises is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186235.,IBM,Engineering Requirements Quality Assistant,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2021-01-08T15:15:00.000Z,0