Vulnerabilities > IBM > Engineering Lifecycle Optimization Publishing > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-14 | CVE-2021-39015 | Cross-site Scripting vulnerability in IBM Engineering Lifecycle Optimization Publishing IBM Engineering Lifecycle Optimization - Publishing 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. | 5.4 |
| 2022-07-14 | CVE-2021-39016 | Unspecified vulnerability in IBM Engineering Lifecycle Optimization Publishing IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the software to transmit more traffic than should be allowed for that actor. | 4.3 |
| 2022-07-14 | CVE-2021-39017 | Unspecified vulnerability in IBM Engineering Lifecycle Optimization Publishing IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to upload arbitrary files, caused by improper access controls. | 6.5 |
| 2022-07-14 | CVE-2021-39018 | Information Exposure Through an Error Message vulnerability in IBM Engineering Lifecycle Optimization Publishing IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose sensitive information in a SQL error message that could aid in further attacks against the system. | 4.3 |
| 2022-07-14 | CVE-2021-39019 | Information Exposure vulnerability in IBM Engineering Lifecycle Optimization Publishing IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose highly sensitive information through an HTTP GET request to an authenticated user. | 6.5 |
| 2022-07-14 | CVE-2021-39028 | Injection vulnerability in IBM Engineering Lifecycle Optimization Publishing IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. | 5.4 |
| 2021-06-02 | CVE-2020-4732 | Unspecified vulnerability in IBM products IBM Jazz Foundation and IBM Engineering products could allow an authenticated user to obtain sensitive information due to lack of security restrictions. | 6.5 |
| 2021-06-02 | CVE-2020-4977 | Cross-site Scripting vulnerability in IBM products IBM Engineering Lifecycle Optimization - Publishing is vulnerable to stored cross-site scripting. | 5.4 |
| 2021-06-02 | CVE-2020-5030 | Cross-site Scripting vulnerability in IBM products IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. | 5.4 |
| 2021-06-02 | CVE-2021-20338 | Cross-site Scripting vulnerability in IBM products IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. | 5.4 |