Ibm Engineering Lifecycle Optimization — known CVE vulnerabilities
Every CVE whose affected-product data names Ibm Engineering Lifecycle Optimization, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (11)
CVE-2021-29844 — CVSS 8.8 (high): IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send…
CVE-2023-45191 — CVSS 7.5 (high): IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an inadequate account lockout setting that could allow a remote attacker to…
CVE-2021-29774 — CVSS 7.5 (high): IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under certain configurations. IBM X-Force ID…
CVE-2021-29786 — CVSS 6.5 (medium): IBM Jazz Team Server products stores user credentials in clear text which can be read by an authenticated user. IBM X-Force ID: 203172.
CVE-2023-45187 — CVSS 6.3 (medium): IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an…
CVE-2024-52890 — CVSS 6.1 (medium): IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.03 could be susceptible to cross-site scripting due to no validation of…
CVE-2021-29713 — CVSS 5.4 (medium): IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in…
CVE-2021-29673 — CVSS 5.4 (medium): IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in…
CVE-2021-20507 — CVSS 5.4 (medium): IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary…
CVE-2020-5031 — CVSS 5.4 (medium): IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary…
CVE-2023-45190 — CVSS 5.1 (medium): IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by…