CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-45191 – IBM Engineering Lifecycle Optimization information disclosure
https://notcve.org/view.php?id=CVE-2023-45191
09 Feb 2024 — IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 268755. IBM Engineering Lifecycle Optimization 7.0.2 y 7.0.3 utiliza una configuración de bloqueo de cuenta inadecuada que podría permitir a un atacante remoto utilizar fuerza bruta en las credenciales de la cuenta. ID de IBM X-Force: 268755. • https://exchange.xforce.ibmcloud.com/vulnerabilities/268755 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-45190 – IBM Engineering Lifecycle Optimization HTTP header injection
https://notcve.org/view.php?id=CVE-2023-45190
09 Feb 2024 — IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 268754. IBM Engineering Lifecycle Optimization 7.0.2 y 7.0.3 es vulnerable a la inyección de encabezados HTTP, causada por una validación incorrecta de la entrada por parte de los enca... • https://exchange.xforce.ibmcloud.com/vulnerabilities/268754 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-45187 – IBM Engineering Lifecycle Optimization - Publishing session fixation
https://notcve.org/view.php?id=CVE-2023-45187
09 Feb 2024 — IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 268749. IBM Engineering Lifecycle Optimization: las publicaciones 7.0.2 y 7.0.3 no invalidan la sesión después del cierre de sesión, lo que podría permitir que un usuario autenticado se haga pasar por otro usuario en el sistema. ID de IBM X-Force: 268749. • https://exchange.xforce.ibmcloud.com/vulnerabilities/268749 • CWE-613: Insufficient Session Expiration •