CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2024-41763 – IBM Engineering Lifecycle Optimization - Publishing information disclosure
https://notcve.org/view.php?id=CVE-2024-41763
04 Jan 2025 — IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. • https://www.ibm.com/support/pages/node/7180204 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-41766 – IBM Engineering Lifecycle Optimization - Publishing denial of service
https://notcve.org/view.php?id=CVE-2024-41766
04 Jan 2025 — IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause a denial of service using a complex regular expression. • https://www.ibm.com/support/pages/node/7180203 • CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-41765 – IBM Engineering Lifecycle Optimization - Publishing directory traversal
https://notcve.org/view.php?id=CVE-2024-41765
04 Jan 2025 — IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. • https://www.ibm.com/support/pages/node/7180201 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-41767 – IBM Engineering Lifecycle Optimization - Publishing SQL injection
https://notcve.org/view.php?id=CVE-2024-41767
04 Jan 2025 — IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database. • https://www.ibm.com/support/pages/node/7180199 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-41768 – IBM Engineering Lifecycle Optimization - Publishing unhandled SLL exception
https://notcve.org/view.php?id=CVE-2024-41768
04 Jan 2025 — IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause an unhandled SSL exception which could leave the connection in an unexpected or insecure state. • https://www.ibm.com/support/pages/node/7180202 • CWE-544: Missing Standardized Error Handling Mechanism •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45188 – IBM Engineering Lifecycle Optimization Publishing file upload
https://notcve.org/view.php?id=CVE-2023-45188
09 Jun 2024 — IBM Engineering Lifecycle Optimization Publishing 7.0.2 and 7.03 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted request, a remote attacker could exploit this vulnerability to upload a malicious file, which could allow the attacker to execute arbitrary code on the vulnerable system. IBM X-Force ID: 268751. IBM Engineering Lifecycle Optimization Publishing 7.0.2 y 7.03 podría permitir a un atacante remoto cargar arc... • https://exchange.xforce.ibmcloud.com/vulnerabilities/268751 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-45191 – IBM Engineering Lifecycle Optimization information disclosure
https://notcve.org/view.php?id=CVE-2023-45191
09 Feb 2024 — IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 268755. IBM Engineering Lifecycle Optimization 7.0.2 y 7.0.3 utiliza una configuración de bloqueo de cuenta inadecuada que podría permitir a un atacante remoto utilizar fuerza bruta en las credenciales de la cuenta. ID de IBM X-Force: 268755. • https://exchange.xforce.ibmcloud.com/vulnerabilities/268755 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-45190 – IBM Engineering Lifecycle Optimization HTTP header injection
https://notcve.org/view.php?id=CVE-2023-45190
09 Feb 2024 — IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 268754. IBM Engineering Lifecycle Optimization 7.0.2 y 7.0.3 es vulnerable a la inyección de encabezados HTTP, causada por una validación incorrecta de la entrada por parte de los enca... • https://exchange.xforce.ibmcloud.com/vulnerabilities/268754 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-45187 – IBM Engineering Lifecycle Optimization - Publishing session fixation
https://notcve.org/view.php?id=CVE-2023-45187
09 Feb 2024 — IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 268749. IBM Engineering Lifecycle Optimization: las publicaciones 7.0.2 y 7.0.3 no invalidan la sesión después del cierre de sesión, lo que podría permitir que un usuario autenticado se haga pasar por otro usuario en el sistema. ID de IBM X-Force: 268749. • https://exchange.xforce.ibmcloud.com/vulnerabilities/268749 • CWE-613: Insufficient Session Expiration •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2021-39028
https://notcve.org/view.php?id=CVE-2021-39028
14 Jul 2022 — IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 213866. IBM Engineering Lifecycle Optimization - Publishing versiones 6.0.6, 6.0.6.1, 7.0, 7.0.1 y 7.0.2, es vulnerable a una inyección de encabezado... • https://exchange.xforce.ibmcloud.com/vulnerabilities/213866 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •