Vulnerabilities > IBM > Engineering Lifecycle Optimization > 7.0.3

DATE CVE VULNERABILITY TITLE RISK
2024-02-09 CVE-2023-45187 Insufficient Session Expiration vulnerability in IBM Engineering Lifecycle Optimization 7.0.2/7.0.3
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
network
low complexity
ibm CWE-613
8.8
8.8
2024-02-09 CVE-2023-45190 Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Engineering Lifecycle Optimization 7.0.2/7.0.3
IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.
network
low complexity
ibm CWE-307
6.1
6.1
2024-02-09 CVE-2023-45191 Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Engineering Lifecycle Optimization 7.0.2/7.0.3
IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
network
low complexity
ibm CWE-307
7.5
7.5