CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2021-39028
https://notcve.org/view.php?id=CVE-2021-39028
14 Jul 2022 — IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 213866. IBM Engineering Lifecycle Optimization - Publishing versiones 6.0.6, 6.0.6.1, 7.0, 7.0.1 y 7.0.2, es vulnerable a una inyección de encabezado... • https://exchange.xforce.ibmcloud.com/vulnerabilities/213866 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 6.8EPSS: 0%CPEs: 7EXPL: 0CVE-2021-39019
https://notcve.org/view.php?id=CVE-2021-39019
14 Jul 2022 — IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose highly sensitive information through an HTTP GET request to an authenticated user. IBM X-Force ID: 213728. IBM Engineering Lifecycle Optimization - Publishing versiones 6.0.6, 6.0.6.1, 7.0, 7.0.1 y 7.0.2, podría divulgar información altamente confidencial mediante una petición HTTP GET a un usuario autenticado. IBM X-Force ID: 213728 • https://exchange.xforce.ibmcloud.com/vulnerabilities/213728 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2021-39018
https://notcve.org/view.php?id=CVE-2021-39018
14 Jul 2022 — IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose sensitive information in a SQL error message that could aid in further attacks against the system. IBM X-Force ID: 213726. IBM Engineering Lifecycle Optimization - Publishing versiones 6.0.6, 6.0.6.1, 7.0, 7.0.1 y 7.0.2, podría divulgar información confidencial en un mensaje de error SQL que podría ayudar a realizar más ataques contra el sistema. IBM X-Force ID: 213726 • https://exchange.xforce.ibmcloud.com/vulnerabilities/213726 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 6.8EPSS: 0%CPEs: 7EXPL: 0CVE-2021-39017
https://notcve.org/view.php?id=CVE-2021-39017
14 Jul 2022 — IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to upload arbitrary files, caused by improper access controls. IBM X-Force ID: 213725. IBM Engineering Lifecycle Optimization - Publishing versiones 6.0.6, 6.0.6.1, 7.0, 7.0.1 y 7.0.2, podría permitir a un atacante remoto cargar archivos arbitrarios, causado por controles de acceso inapropiados. IBM X-Force ID: 213725 • https://exchange.xforce.ibmcloud.com/vulnerabilities/213725 •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2021-39016
https://notcve.org/view.php?id=CVE-2021-39016
14 Jul 2022 — IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the software to transmit more traffic than should be allowed for that actor. IBM X-Force ID: 213722. IBM Engineering Lifecycle Optimization - Publishing versiones 6.0.6, 6.0.6.1, 7.0, 7.0.1 y 7.0.2, no supervisa ni controla suficientemente el volumen de tráfico de red transmitido, por lo que un actor puede causar que... • https://exchange.xforce.ibmcloud.com/vulnerabilities/213722 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2021-39015
https://notcve.org/view.php?id=CVE-2021-39015
14 Jul 2022 — IBM Engineering Lifecycle Optimization - Publishing 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213655. IBM Engineering Lifecycle Optimization - Publishing versiones 7.0, 7.0.1 y 7.0.2, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios inse... • https://exchange.xforce.ibmcloud.com/vulnerabilities/213655 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 19EXPL: 0CVE-2021-29844
https://notcve.org/view.php?id=CVE-2021-29844
27 Oct 2021 — IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. Los productos IBM Jazz Team Server son vulnerables a un ataque de tipo server-side request forgery (SSRF). Esto puede permitir a un atacante autenticado enviar peticiones no autorizadas desde el sistema, conllevando potencialmente a una enumeración de la red o facili... • https://exchange.xforce.ibmcloud.com/vulnerabilities/205205 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.5EPSS: 0%CPEs: 17EXPL: 0CVE-2021-29786
https://notcve.org/view.php?id=CVE-2021-29786
27 Oct 2021 — IBM Jazz Team Server products stores user credentials in clear text which can be read by an authenticated user. IBM X-Force ID: 203172. Los productos IBM Jazz Team Server almacenan las credenciales de usuario en texto sin cifrar que puede leer un usuario autenticado. IBM X-Force ID: 203172 • https://exchange.xforce.ibmcloud.com/vulnerabilities/203172 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 0CVE-2021-29774
https://notcve.org/view.php?id=CVE-2021-29774
27 Oct 2021 — IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under certain configurations. IBM X-Force ID: 203025. Los productos IBM Jazz Team Server podrían permitir a un usuario autenticado alcanzar privilegios elevados bajo determinadas configuraciones. IBM X-Force ID: 203025 • https://exchange.xforce.ibmcloud.com/vulnerabilities/203025 •
CVSS: 5.4EPSS: 0%CPEs: 16EXPL: 0CVE-2021-29713
https://notcve.org/view.php?id=CVE-2021-29713
27 Oct 2021 — IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. Los productos IBM Jazz Team Server son vulnerables a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcionalidad prevista y conll... • https://exchange.xforce.ibmcloud.com/vulnerabilities/200967 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •