CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-45191 – IBM Engineering Lifecycle Optimization information disclosure
https://notcve.org/view.php?id=CVE-2023-45191
IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 268755. IBM Engineering Lifecycle Optimization 7.0.2 y 7.0.3 utiliza una configuración de bloqueo de cuenta inadecuada que podría permitir a un atacante remoto utilizar fuerza bruta en las credenciales de la cuenta. ID de IBM X-Force: 268755. • https://exchange.xforce.ibmcloud.com/vulnerabilities/268755 https://www.ibm.com/support/pages/node/7116045 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2023-45190 – IBM Engineering Lifecycle Optimization HTTP header injection
https://notcve.org/view.php?id=CVE-2023-45190
IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 268754. IBM Engineering Lifecycle Optimization 7.0.2 y 7.0.3 es vulnerable a la inyección de encabezados HTTP, causada por una validación incorrecta de la entrada por parte de los encabezados HOST. Esto podría permitir que un atacante realice varios ataques contra el sistema vulnerable, incluido cross-site scripting, envenenamiento de caché o secuestro de sesión. • https://exchange.xforce.ibmcloud.com/vulnerabilities/268754 https://www.ibm.com/support/pages/node/7116045 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-45187 – IBM Engineering Lifecycle Optimization - Publishing session fixation
https://notcve.org/view.php?id=CVE-2023-45187
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 268749. IBM Engineering Lifecycle Optimization: las publicaciones 7.0.2 y 7.0.3 no invalidan la sesión después del cierre de sesión, lo que podría permitir que un usuario autenticado se haga pasar por otro usuario en el sistema. ID de IBM X-Force: 268749. • https://exchange.xforce.ibmcloud.com/vulnerabilities/268749 https://www.ibm.com/support/pages/node/7116045 • CWE-613: Insufficient Session Expiration •
CVSS: 5.4EPSS: 0%CPEs: 7EXPL: 0CVE-2021-39028
https://notcve.org/view.php?id=CVE-2021-39028
IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 213866. IBM Engineering Lifecycle Optimization - Publishing versiones 6.0.6, 6.0.6.1, 7.0, 7.0.1 y 7.0.2, es vulnerable a una inyección de encabezados HTTP, causada por la incorrecta comprobación de la entrada de los encabezados HOST. Esto podría permitir a un atacante conducir varios ataques contra el sistema vulnerable, incluyendo de tipo cross-site scripting, envenenamiento de caché o secuestro de sesión. • https://exchange.xforce.ibmcloud.com/vulnerabilities/213866 https://www.ibm.com/support/pages/node/6603347 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2021-39019
https://notcve.org/view.php?id=CVE-2021-39019
IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose highly sensitive information through an HTTP GET request to an authenticated user. IBM X-Force ID: 213728. IBM Engineering Lifecycle Optimization - Publishing versiones 6.0.6, 6.0.6.1, 7.0, 7.0.1 y 7.0.2, podría divulgar información altamente confidencial mediante una petición HTTP GET a un usuario autenticado. IBM X-Force ID: 213728 • https://exchange.xforce.ibmcloud.com/vulnerabilities/213728 https://www.ibm.com/support/pages/node/6603355 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •