Vulnerabilities > IBM > Engineering Lifecycle Optimization Publishing

DATE CVE VULNERABILITY TITLE RISK
2022-07-14 CVE-2021-39015 Cross-site Scripting vulnerability in IBM Engineering Lifecycle Optimization Publishing
IBM Engineering Lifecycle Optimization - Publishing 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2022-07-14 CVE-2021-39016 Unspecified vulnerability in IBM Engineering Lifecycle Optimization Publishing
IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the software to transmit more traffic than should be allowed for that actor.
network
low complexity
ibm
4.3
2022-07-14 CVE-2021-39017 Unspecified vulnerability in IBM Engineering Lifecycle Optimization Publishing
IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to upload arbitrary files, caused by improper access controls.
network
low complexity
ibm
6.5
2022-07-14 CVE-2021-39018 Information Exposure Through an Error Message vulnerability in IBM Engineering Lifecycle Optimization Publishing
IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose sensitive information in a SQL error message that could aid in further attacks against the system.
network
low complexity
ibm CWE-209
4.3
2022-07-14 CVE-2021-39019 Information Exposure vulnerability in IBM Engineering Lifecycle Optimization Publishing
IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose highly sensitive information through an HTTP GET request to an authenticated user.
network
low complexity
ibm CWE-200
6.5
2022-07-14 CVE-2021-39028 Injection vulnerability in IBM Engineering Lifecycle Optimization Publishing
IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.
network
low complexity
ibm CWE-74
5.4
2021-06-02 CVE-2020-4495 Unspecified vulnerability in IBM products
IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to bypass security restrictions, caused by improper access control.
network
low complexity
ibm
8.8
2021-06-02 CVE-2020-4732 Unspecified vulnerability in IBM products
IBM Jazz Foundation and IBM Engineering products could allow an authenticated user to obtain sensitive information due to lack of security restrictions.
network
low complexity
ibm
6.5
2021-06-02 CVE-2020-4977 Cross-site Scripting vulnerability in IBM products
IBM Engineering Lifecycle Optimization - Publishing is vulnerable to stored cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2021-06-02 CVE-2020-5030 Cross-site Scripting vulnerability in IBM products
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4