Vulnerabilities > IBM > Engineering Lifecycle Optimization Publishing
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-04 | CVE-2024-41763 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Engineering Lifecycle Optimization Publishing 7.0.2/7.0.3 IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2025-01-04 | CVE-2024-41765 | Path Traversal vulnerability in IBM Engineering Lifecycle Optimization Publishing 7.0.2/7.0.3 IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to traverse directories on the system. | 6.5 |
| 2025-01-04 | CVE-2024-41766 | Unspecified vulnerability in IBM Engineering Lifecycle Optimization Publishing 7.0.2/7.0.3 IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause a denial of service using a complex regular expression. | 7.5 |
| 2025-01-04 | CVE-2024-41767 | SQL Injection vulnerability in IBM Engineering Lifecycle Optimization Publishing 7.0.2/7.0.3 IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 is vulnerable to SQL injection. | 7.3 |
| 2025-01-04 | CVE-2024-41768 | Missing Standardized Error Handling Mechanism vulnerability in IBM Engineering Lifecycle Optimization Publishing 7.0.2/7.0.3 IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause an unhandled SSL exception which could leave the connection in an unexpected or insecure state. | 6.5 |
| 2024-06-09 | CVE-2023-45188 | Unspecified vulnerability in IBM Engineering Lifecycle Optimization Publishing 7.0.2/7.0.3 IBM Engineering Lifecycle Optimization Publishing 7.0.2 and 7.03 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. | 9.8 |
| 2022-07-14 | CVE-2021-39015 | Cross-site Scripting vulnerability in IBM products IBM Engineering Lifecycle Optimization - Publishing 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. | 5.4 |
| 2022-07-14 | CVE-2021-39016 | Unspecified vulnerability in IBM products IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the software to transmit more traffic than should be allowed for that actor. | 4.3 |
| 2022-07-14 | CVE-2021-39017 | Unspecified vulnerability in IBM products IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to upload arbitrary files, caused by improper access controls. | 6.5 |
| 2022-07-14 | CVE-2021-39018 | Information Exposure Through an Error Message vulnerability in IBM products IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose sensitive information in a SQL error message that could aid in further attacks against the system. | 4.3 |