CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2024-41763 – IBM Engineering Lifecycle Optimization - Publishing information disclosure
https://notcve.org/view.php?id=CVE-2024-41763
04 Jan 2025 — IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. • https://www.ibm.com/support/pages/node/7180204 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-41766 – IBM Engineering Lifecycle Optimization - Publishing denial of service
https://notcve.org/view.php?id=CVE-2024-41766
04 Jan 2025 — IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause a denial of service using a complex regular expression. • https://www.ibm.com/support/pages/node/7180203 • CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-41765 – IBM Engineering Lifecycle Optimization - Publishing directory traversal
https://notcve.org/view.php?id=CVE-2024-41765
04 Jan 2025 — IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. • https://www.ibm.com/support/pages/node/7180201 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-41767 – IBM Engineering Lifecycle Optimization - Publishing SQL injection
https://notcve.org/view.php?id=CVE-2024-41767
04 Jan 2025 — IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database. • https://www.ibm.com/support/pages/node/7180199 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-41768 – IBM Engineering Lifecycle Optimization - Publishing unhandled SLL exception
https://notcve.org/view.php?id=CVE-2024-41768
04 Jan 2025 — IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause an unhandled SSL exception which could leave the connection in an unexpected or insecure state. • https://www.ibm.com/support/pages/node/7180202 • CWE-544: Missing Standardized Error Handling Mechanism •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45188 – IBM Engineering Lifecycle Optimization Publishing file upload
https://notcve.org/view.php?id=CVE-2023-45188
09 Jun 2024 — IBM Engineering Lifecycle Optimization Publishing 7.0.2 and 7.03 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted request, a remote attacker could exploit this vulnerability to upload a malicious file, which could allow the attacker to execute arbitrary code on the vulnerable system. IBM X-Force ID: 268751. IBM Engineering Lifecycle Optimization Publishing 7.0.2 y 7.03 podría permitir a un atacante remoto cargar arc... • https://exchange.xforce.ibmcloud.com/vulnerabilities/268751 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2021-39028
https://notcve.org/view.php?id=CVE-2021-39028
14 Jul 2022 — IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 213866. IBM Engineering Lifecycle Optimization - Publishing versiones 6.0.6, 6.0.6.1, 7.0, 7.0.1 y 7.0.2, es vulnerable a una inyección de encabezado... • https://exchange.xforce.ibmcloud.com/vulnerabilities/213866 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 6.8EPSS: 0%CPEs: 7EXPL: 0CVE-2021-39019
https://notcve.org/view.php?id=CVE-2021-39019
14 Jul 2022 — IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose highly sensitive information through an HTTP GET request to an authenticated user. IBM X-Force ID: 213728. IBM Engineering Lifecycle Optimization - Publishing versiones 6.0.6, 6.0.6.1, 7.0, 7.0.1 y 7.0.2, podría divulgar información altamente confidencial mediante una petición HTTP GET a un usuario autenticado. IBM X-Force ID: 213728 • https://exchange.xforce.ibmcloud.com/vulnerabilities/213728 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2021-39018
https://notcve.org/view.php?id=CVE-2021-39018
14 Jul 2022 — IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose sensitive information in a SQL error message that could aid in further attacks against the system. IBM X-Force ID: 213726. IBM Engineering Lifecycle Optimization - Publishing versiones 6.0.6, 6.0.6.1, 7.0, 7.0.1 y 7.0.2, podría divulgar información confidencial en un mensaje de error SQL que podría ayudar a realizar más ataques contra el sistema. IBM X-Force ID: 213726 • https://exchange.xforce.ibmcloud.com/vulnerabilities/213726 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 6.8EPSS: 0%CPEs: 7EXPL: 0CVE-2021-39017
https://notcve.org/view.php?id=CVE-2021-39017
14 Jul 2022 — IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to upload arbitrary files, caused by improper access controls. IBM X-Force ID: 213725. IBM Engineering Lifecycle Optimization - Publishing versiones 6.0.6, 6.0.6.1, 7.0, 7.0.1 y 7.0.2, podría permitir a un atacante remoto cargar archivos arbitrarios, causado por controles de acceso inapropiados. IBM X-Force ID: 213725 • https://exchange.xforce.ibmcloud.com/vulnerabilities/213725 •