Vulnerabilities > IBM > Engineering Lifecycle Optimization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-02-09 | CVE-2023-45187 | Insufficient Session Expiration vulnerability in IBM Engineering Lifecycle Optimization 7.0.2/7.0.3 IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | 8.8 |
2024-02-09 | CVE-2023-45190 | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Engineering Lifecycle Optimization 7.0.2/7.0.3 IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. | 6.1 |
2024-02-09 | CVE-2023-45191 | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Engineering Lifecycle Optimization 7.0.2/7.0.3 IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | 7.5 |
2021-10-27 | CVE-2021-29673 | Cross-site Scripting vulnerability in IBM products IBM Jazz Team Server products are vulnerable to cross-site scripting. | 5.4 |
2021-10-27 | CVE-2021-29713 | Cross-site Scripting vulnerability in IBM products IBM Jazz Team Server products are vulnerable to cross-site scripting. | 5.4 |
2021-10-27 | CVE-2021-29774 | Unspecified vulnerability in IBM products IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under certain configurations. | 7.5 |
2021-10-27 | CVE-2021-29786 | Cleartext Storage of Sensitive Information vulnerability in IBM products IBM Jazz Team Server products stores user credentials in clear text which can be read by an authenticated user. | 6.5 |
2021-10-27 | CVE-2021-29844 | Server-Side Request Forgery (SSRF) vulnerability in IBM products IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). | 8.8 |
2021-07-19 | CVE-2020-5031 | Cross-site Scripting vulnerability in IBM products IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. | 5.4 |
2021-07-19 | CVE-2021-20507 | Cross-site Scripting vulnerability in IBM products IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. | 5.4 |