CVE-2023-45191 – IBM Engineering Lifecycle Optimization information disclosure
https://notcve.org/view.php?id=CVE-2023-45191
IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 268755. IBM Engineering Lifecycle Optimization 7.0.2 y 7.0.3 utiliza una configuración de bloqueo de cuenta inadecuada que podría permitir a un atacante remoto utilizar fuerza bruta en las credenciales de la cuenta. ID de IBM X-Force: 268755. • https://exchange.xforce.ibmcloud.com/vulnerabilities/268755 https://www.ibm.com/support/pages/node/7116045 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVE-2023-45190 – IBM Engineering Lifecycle Optimization HTTP header injection
https://notcve.org/view.php?id=CVE-2023-45190
IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 268754. IBM Engineering Lifecycle Optimization 7.0.2 y 7.0.3 es vulnerable a la inyección de encabezados HTTP, causada por una validación incorrecta de la entrada por parte de los encabezados HOST. Esto podría permitir que un atacante realice varios ataques contra el sistema vulnerable, incluido cross-site scripting, envenenamiento de caché o secuestro de sesión. • https://exchange.xforce.ibmcloud.com/vulnerabilities/268754 https://www.ibm.com/support/pages/node/7116045 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVE-2023-45187 – IBM Engineering Lifecycle Optimization - Publishing session fixation
https://notcve.org/view.php?id=CVE-2023-45187
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 268749. IBM Engineering Lifecycle Optimization: las publicaciones 7.0.2 y 7.0.3 no invalidan la sesión después del cierre de sesión, lo que podría permitir que un usuario autenticado se haga pasar por otro usuario en el sistema. ID de IBM X-Force: 268749. • https://exchange.xforce.ibmcloud.com/vulnerabilities/268749 https://www.ibm.com/support/pages/node/7116045 • CWE-613: Insufficient Session Expiration •