Ibm

Engineering Lifecycle Management

45 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2025-36157

  • EPSS 0.11%
  • Published 24.08.2025 01:14:41
  • Last modified 25.08.2025 20:24:45

IBM Jazz Foundation 7.0.2 to 7.0.2 iFix035, 7.0.3 to 7.0.3 iFix018, and 7.1.0 to 7.1.0 iFix004 could allow an unauthenticated remote attacker to update server property files that would allow them to perform unauthorized actions.

5.5

CVE-2022-34355

  • EPSS 0.02%
  • Published 06.10.2023 21:15:10
  • Last modified 21.11.2024 07:09:20

IBM Jazz Foundation (IBM Engineering Lifecycle Management 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2) could disclose sensitive version information to a user that could be used in further attacks against the system. IBM X-Force ID: 230498.

5.4

CVE-2021-20338

  • EPSS 0.19%
  • Published 02.06.2021 21:15:07
  • Last modified 21.11.2024 05:46:25

IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disc...

9

CVE-2020-4495

  • EPSS 1.51%
  • Published 02.06.2021 21:15:07
  • Last modified 21.11.2024 05:32:48

IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to bypass security restrictions, caused by improper access control. By sending a specially-crafted request to the REST API, an attacker could exploit this vulnerability to...

6.5

CVE-2020-4732

  • EPSS 0.21%
  • Published 02.06.2021 21:15:07
  • Last modified 21.11.2024 05:33:11

IBM Jazz Foundation and IBM Engineering products could allow an authenticated user to obtain sensitive information due to lack of security restrictions. IBM X-Force ID: 188126.

5.4

CVE-2020-4977

  • EPSS 0.19%
  • Published 02.06.2021 21:15:07
  • Last modified 21.11.2024 05:33:30

IBM Engineering Lifecycle Optimization - Publishing is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credent...

5.4

CVE-2020-5030

  • EPSS 0.21%
  • Published 02.06.2021 21:15:07
  • Last modified 21.11.2024 05:33:34

IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disc...

5.5

CVE-2021-20343

  • EPSS 0.09%
  • Published 02.06.2021 21:15:07
  • Last modified 21.11.2024 05:46:25

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating ...

5.5

CVE-2021-20345

  • EPSS 0.1%
  • Published 02.06.2021 21:15:07
  • Last modified 21.11.2024 05:46:26

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating ...

5.5

CVE-2021-20346

  • EPSS 0.15%
  • Published 02.06.2021 21:15:07
  • Last modified 21.11.2024 05:46:26

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating ...