Ibm Engineering Lifecycle Optimization - Engineering Insights — known CVE vulnerabilities
Every CVE whose affected-product data names Ibm Engineering Lifecycle Optimization - Engineering Insights, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (18)
CVE-2020-4495 — CVSS 8.8 (high): IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to bypass security restrictions, caused by improper access…
CVE-2024-39726 — CVSS 8.2 (high): IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE)…
CVE-2021-20371 — CVSS 6.5 (medium): IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to obtain sensitive information when an error message is…
CVE-2020-4732 — CVSS 6.5 (medium): IBM Jazz Foundation and IBM Engineering products could allow an authenticated user to obtain sensitive information due to lack of security…
CVE-2020-4974 — CVSS 6.3 (medium): IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send…
CVE-2024-39727 — CVSS 6.1 (medium): IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 uses a web link with untrusted references to an external…
CVE-2020-4977 — CVSS 5.4 (medium): IBM Engineering Lifecycle Optimization - Publishing is vulnerable to stored cross-site scripting. This vulnerability allows users to embed…
CVE-2021-20343 — CVSS 5.4 (medium): IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated…
CVE-2021-20345 — CVSS 5.4 (medium): IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated…
CVE-2021-20346 — CVSS 5.4 (medium): IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated…
CVE-2021-20347 — CVSS 5.4 (medium): IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated…
CVE-2021-20348 — CVSS 5.4 (medium): IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated…
CVE-2020-5030 — CVSS 5.4 (medium): IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary…
CVE-2021-29668 — CVSS 5.4 (medium): IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary…
CVE-2021-29670 — CVSS 5.4 (medium): IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary…
CVE-2021-20338 — CVSS 5.4 (medium): IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary…
CVE-2020-5004 — CVSS 5.4 (medium): IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in…
CVE-2024-39725 — CVSS 5.3 (medium): IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 could allow a remote attacker to obtain sensitive information…