Vulnerabilities > IBM > Engineering Lifecycle Optimization Publishing
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-02 | CVE-2021-20347 | Server-Side Request Forgery (SSRF) vulnerability in IBM products IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). | 5.4 |
| 2021-06-02 | CVE-2021-20348 | Server-Side Request Forgery (SSRF) vulnerability in IBM products IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). | 5.4 |
| 2021-06-02 | CVE-2021-20371 | Information Exposure Through an Error Message vulnerability in IBM products IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to obtain sensitive information when an error message is returned in the browser. | 6.5 |
| 2021-06-02 | CVE-2021-29668 | Cross-site Scripting vulnerability in IBM products IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. | 5.4 |
| 2021-06-02 | CVE-2021-29670 | Cross-site Scripting vulnerability in IBM products IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. | 5.4 |
| 2020-07-16 | CVE-2020-4316 | Unspecified vulnerability in IBM Engineering Lifecycle Optimization - Publishing 6.0.6/6.0.6.1/7.0 IBM Publishing Engine 6.0.6, 6.0.6.1, and 7.0 does not set the secure attribute on authorization tokens or session cookies. | 4.7 |
| 2020-02-12 | CVE-2019-4431 | Cross-site Scripting vulnerability in IBM Engineering Lifecycle Optimization - Publishing 6.0.6/6.0.6.1 IBM Rational Publishing Engine 6.0.6 and 6.0.6.1 is vulnerable to cross-site scripting. | 5.4 |
| 2019-01-04 | CVE-2018-1951 | Cross-site Scripting vulnerability in IBM Engineering Lifecycle Optimization - Publishing 2.1.2/6.0.5/6.0.6 IBM Publishing Engine 2.1.2, 6.0.5, and 6.0.6 is vulnerable to cross-site scripting. | 5.4 |
| 2019-01-04 | CVE-2018-1657 | Cross-site Scripting vulnerability in IBM Engineering Lifecycle Optimization - Publishing 2.1.2/6.0.5/6.0.6 IBM Publishing Engine 2.1.2, 6.0.5, and 6.0.6 is vulnerable to cross-site scripting. | 5.4 |
| 2018-10-12 | CVE-2018-1534 | Cross-site Scripting vulnerability in IBM Engineering Lifecycle Optimization - Publishing 6.0.5/6.0.6 IBM Rational Publishing Engine 6.0.5 and 6.0.6 is vulnerable to cross-site scripting. | 5.4 |