Vulnerabilities > IBM > Engineering Lifecycle Optimization

DATE CVE VULNERABILITY TITLE RISK
2024-02-09 CVE-2023-45187 Insufficient Session Expiration vulnerability in IBM Engineering Lifecycle Optimization 7.0.2/7.0.3
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
network
low complexity
ibm CWE-613
8.8
2024-02-09 CVE-2023-45190 Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Engineering Lifecycle Optimization 7.0.2/7.0.3
IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.
network
low complexity
ibm CWE-307
6.1
2024-02-09 CVE-2023-45191 Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Engineering Lifecycle Optimization 7.0.2/7.0.3
IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
network
low complexity
ibm CWE-307
7.5
2021-10-27 CVE-2021-29673 Cross-site Scripting vulnerability in IBM products
IBM Jazz Team Server products are vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2021-10-27 CVE-2021-29713 Cross-site Scripting vulnerability in IBM products
IBM Jazz Team Server products are vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2021-10-27 CVE-2021-29774 Unspecified vulnerability in IBM products
IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under certain configurations.
network
high complexity
ibm
7.5
2021-10-27 CVE-2021-29786 Cleartext Storage of Sensitive Information vulnerability in IBM products
IBM Jazz Team Server products stores user credentials in clear text which can be read by an authenticated user.
network
low complexity
ibm CWE-312
6.5
2021-10-27 CVE-2021-29844 Server-Side Request Forgery (SSRF) vulnerability in IBM products
IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF).
network
low complexity
ibm CWE-918
8.8
2021-07-19 CVE-2020-5031 Cross-site Scripting vulnerability in IBM products
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2021-07-19 CVE-2021-20507 Cross-site Scripting vulnerability in IBM products
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4