Engineering lifecycle management
This hub aggregates every CVE we track for Engineering lifecycle management, a product in the enterprise software space. Use it to gauge the current risk picture and drill into individual advisories.
52
CVEs tracked
2
Critical
8
High
0
In CISA KEV
Severity distribution
MEDIUM42HIGH8CRITICAL2
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
0
0
1
0
0
3
0
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Engineering lifecycle management.
- CVE-2026-3660IBM Engineering Lifecycle Management - Jazz Foundation is vulnerable to Authentication Bypass9.8
- CVE-2026-3603IBM Engineering Lifecycle Management - Jazz Foundation is vulnerable to XML external entity injection (XXE) attack7.1
- CVE-2026-4051IBM Engineering Lifecycle Management - Jazz Foundation is vulnerable to Server Post-Auth Remote Code Execution7.2
- CVE-2025-36033IBM Engineering Lifecycle Management - Global Configuration Management is vulnerable to cross-site scripting5.4
- CVE-2025-36157IBM Engineering Lifecycle Management incorrect authorization9.8
- CVE-2022-34355IBM Jazz Foundation information disclosure4.0
- CVE-2023-40958A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote auth...8.8
- CVE-2023-40955A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote auth...8.8
- CVE-2023-40957A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote auth...8.8
- CVE-2021-29670IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended ...5.4
- CVE-2021-29668IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended ...5.4
- CVE-2021-20371IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to obtain sensitive information when an error message is returned in the browser. This information could be used in fu...6.5
- CVE-2021-20348IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potent...5.4
- CVE-2021-20347IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potent...5.4
- CVE-2021-20345IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potent...5.4
Product normalization is registry-driven with AI assist and human review. How it works