Vulnerabilities > IBM > Engineering Lifecycle Optimization Publishing > 7.0.3

DATE	CVE	VULNERABILITY TITLE	RISK
2025-01-04	CVE-2024-41763	Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Engineering Lifecycle Optimization Publishing 7.0.2/7.0.3 IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. network low complexity ibm CWE-327	7.5
2025-01-04	CVE-2024-41765	Path Traversal vulnerability in IBM Engineering Lifecycle Optimization Publishing 7.0.2/7.0.3 IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to traverse directories on the system. network low complexity ibm CWE-22	6.5
2025-01-04	CVE-2024-41766	Unspecified vulnerability in IBM Engineering Lifecycle Optimization Publishing 7.0.2/7.0.3 IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause a denial of service using a complex regular expression. network low complexity ibm	7.5
2025-01-04	CVE-2024-41767	SQL Injection vulnerability in IBM Engineering Lifecycle Optimization Publishing 7.0.2/7.0.3 IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 is vulnerable to SQL injection. network low complexity ibm CWE-89	7.3
2025-01-04	CVE-2024-41768	Missing Standardized Error Handling Mechanism vulnerability in IBM Engineering Lifecycle Optimization Publishing 7.0.2/7.0.3 IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause an unhandled SSL exception which could leave the connection in an unexpected or insecure state. network low complexity ibm CWE-544	6.5
2024-06-09	CVE-2023-45188	Unspecified vulnerability in IBM Engineering Lifecycle Optimization Publishing 7.0.2/7.0.3 IBM Engineering Lifecycle Optimization Publishing 7.0.2 and 7.03 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. network low complexity ibm critical	9.8

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.