CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39727 – IBM Engineering Lifecycle Optimization - Engineering Insights tabnabbing
https://notcve.org/view.php?id=CVE-2024-39727
25 Dec 2024 — IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 uses a web link with untrusted references to an external site. A remote attacker could exploit this vulnerability to expose sensitive information or perform unauthorized actions on the victims’ web browser. IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 y 7.0.3 utiliza un enlace web con referencias que no son de confianza a un sitio externo. Un atacante remoto podría aprovechar esta vulnerabilidad para exponer... • https://www.ibm.com/support/pages/node/7176783 • CWE-1022: Use of Web Link to Untrusted Target with window.opener Access •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39725 – IBM Engineering Lifecycle Optimization - Engineering Insights information disclosure
https://notcve.org/view.php?id=CVE-2024-39725
25 Dec 2024 — IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 y 7.0.3 podría permitir a un atacante remoto obtener información confidencial cuando se devuelve un mensaje de error técnico detallado en el navegador. Esta informaci... • https://www.ibm.com/support/pages/node/7176782 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39726 – IBM Engineering Insights XML external entity injection
https://notcve.org/view.php?id=CVE-2024-39726
15 Nov 2024 — IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. • https://www.ibm.com/support/pages/node/7176208 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.4EPSS: 0%CPEs: 25EXPL: 0CVE-2020-5004
https://notcve.org/view.php?id=CVE-2020-5004
28 Jul 2021 — IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192957. Los productos de IBM Jazz Foundation son vulnerables al cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario de la web, alterando así la funcionalid... • https://exchange.xforce.ibmcloud.com/vulnerabilities/192957 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 25EXPL: 0CVE-2020-4974
https://notcve.org/view.php?id=CVE-2020-4974
28 Jul 2021 — IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 192434. Los productos IBM Jazz Foundation son vulnerables a la falsificación de solicitudes del lado del servidor (SSRF). Esto puede permitir que un atacante autenticado envíe solicitudes no autorizadas desde el sistema, lo que podría conducir a la en... • https://exchange.xforce.ibmcloud.com/vulnerabilities/192434 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.4EPSS: 0%CPEs: 25EXPL: 0CVE-2021-29670
https://notcve.org/view.php?id=CVE-2021-29670
02 Jun 2021 — IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199408. Los productos IBM Jazz Foundation e IBM Engineering son vulnerables a ataques de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Us... • https://exchange.xforce.ibmcloud.com/vulnerabilities/199408 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 25EXPL: 0CVE-2021-29668
https://notcve.org/view.php?id=CVE-2021-29668
02 Jun 2021 — IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199406. Los productos IBM Jazz Foundation e IBM Engineering son vulnerables a ataques de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Us... • https://exchange.xforce.ibmcloud.com/vulnerabilities/199406 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 25EXPL: 0CVE-2021-20371
https://notcve.org/view.php?id=CVE-2021-20371
02 Jun 2021 — IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to obtain sensitive information when an error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 195516. Los productos IBM Jazz Foundation e IBM Engineering podrían permitir a un atacante remoto obtener información confidencial cuando un mensaje de error es devuelto en el navegador. Esta información podría ser usada en posteriores ataques contra el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/195516 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 5.5EPSS: 0%CPEs: 25EXPL: 0CVE-2021-20348
https://notcve.org/view.php?id=CVE-2021-20348
02 Jun 2021 — IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-ForceID: 194597. Los productos IBM Jazz Foundation e IBM Engineering son vulnerables a ataques de tipo server-side request forgery (SSRF). Esto puede permitir a un atacante autenticado enviar peticiones no autorizadas desde el sistema, lo qu... • https://exchange.xforce.ibmcloud.com/vulnerabilities/194597 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.5EPSS: 0%CPEs: 25EXPL: 0CVE-2021-20347
https://notcve.org/view.php?id=CVE-2021-20347
02 Jun 2021 — IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194596. Los productos IBM Jazz Foundation e IBM Engineering son vulnerables a ataques de tipo server-side request forgery (SSRF). Esto puede permitir a un atacante autenticado enviar peticiones no autorizadas desde el sistema, lo q... • https://exchange.xforce.ibmcloud.com/vulnerabilities/194596 • CWE-918: Server-Side Request Forgery (SSRF) •