Engineering lifecycle optimization - publishing
This hub aggregates every CVE we track for Engineering lifecycle optimization - publishing, a product in the enterprise software space. Use it to gauge the current risk picture and drill into individual advisories.
31
CVEs tracked
0
Critical
2
High
0
In CISA KEV
Severity distribution
MEDIUM29HIGH2
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Engineering lifecycle optimization - publishing.
- CVE-2023-45191IBM Engineering Lifecycle Optimization information disclosure7.5
- CVE-2023-45190IBM Engineering Lifecycle Optimization HTTP header injection5.1
- CVE-2023-45187IBM Engineering Lifecycle Optimization - Publishing session fixation6.3
- CVE-2021-39028IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This co...5.4
- CVE-2021-39019IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose highly sensitive information through an HTTP GET request to an authenticated user. IBM X-For...6.5
- CVE-2021-39018IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose sensitive information in a SQL error message that could aid in further attacks against the s...4.3
- CVE-2021-39017IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to upload arbitrary files, caused by improper access controls. IBM X-Force ID...6.5
- CVE-2021-39016IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the...4.3
- CVE-2021-39015IBM Engineering Lifecycle Optimization - Publishing 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thu...5.4
- CVE-2021-29670IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended ...5.4
- CVE-2021-29668IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended ...5.4
- CVE-2021-20371IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to obtain sensitive information when an error message is returned in the browser. This information could be used in fu...6.5
- CVE-2021-20348IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potent...5.4
- CVE-2021-20347IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potent...5.4
- CVE-2021-20345IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potent...5.4
Product normalization is registry-driven with AI assist and human review. How it works