IBM Engineering Lifecycle Optimization

XSS in IBM Engineering Lifecycle Optimization Publishing 7.0.2/7.03
CVE-2024-52890 6.1 - Medium - August 05, 2025

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.03 could be susceptible to cross-site scripting due to no validation of URIs.

Improper Neutralization of Encoded URI Schemes in a Web Page

IBM EL Optimization Publishing 7.0.2-7.0.3 SSL Unhandled Exception DoS
CVE-2024-41768 6.5 - Medium - January 04, 2025

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause an unhandled SSL exception which could leave the connection in an unexpected or insecure state.

Missing Standardized Error Handling Mechanism

IBM Engineering Lifecycle Optimization - Engineering Insights External Site Reference Vulnerability
CVE-2024-39727 9.8 - Critical - December 25, 2024

IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 uses a web link with untrusted references to an external site. A remote attacker could exploit this vulnerability to expose sensitive information or perform unauthorized actions on the victims web browser.

tabnabbing

IBM Engineering Lifecycle Optimization - Engineering Insights Information Disclosure Vulnerability
CVE-2024-39725 5.3 - Medium - December 25, 2024

IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.

Generation of Error Message Containing Sensitive Information

IBM Engineering Lifecycle Optimization 7.0.2 Brute Force via Weak Lockout
CVE-2023-45191 7.5 - High - February 09, 2024

IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 268755.

Improper Restriction of Excessive Authentication Attempts

HTTP Header Injection in IBM Engineering Lifecycle Optimization 7.0.2/7.0.3
CVE-2023-45190 6.1 - Medium - February 09, 2024

IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 268754.

Improper Restriction of Excessive Authentication Attempts

IBM ELO Publishing 7.0.2/3 Session Not Invalidate After Logout
CVE-2023-45187 8.8 - High - February 09, 2024

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 268749.

Insufficient Session Expiration

IBM Jazz Team Server products are vulnerable to cross-site scripting
CVE-2021-29673 5.4 - Medium - October 27, 2021

IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199482.

XSS

IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under certain configurations
CVE-2021-29774 7.5 - High - October 27, 2021

IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under certain configurations. IBM X-Force ID: 203025.

IBM Jazz Team Server products are vulnerable to cross-site scripting
CVE-2021-29713 5.4 - Medium - October 27, 2021

IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

XSS

IBM Jazz Team Server products stores user credentials in clear text which can be read by an authenticated user
CVE-2021-29786 6.5 - Medium - October 27, 2021

IBM Jazz Team Server products stores user credentials in clear text which can be read by an authenticated user. IBM X-Force ID: 203172.

Cleartext Storage of Sensitive Information

IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF)
CVE-2021-29844 8.8 - High - October 27, 2021

IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

SSRF

IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting
CVE-2021-20507 - July 19, 2021

IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198235.

IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting
CVE-2020-5031 5.4 - Medium - July 19, 2021

IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 193738.

XSS

IBM Jazz Foundation and IBM Engineering products could
CVE-2021-20371 - June 02, 2021

IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to obtain sensitive information when an error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 195516.

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF)
CVE-2021-20348 - June 02, 2021

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-ForceID: 194597.

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF)
CVE-2021-20347 - June 02, 2021

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194596.

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF)
CVE-2021-20345 - June 02, 2021

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194594.

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF)
CVE-2021-20346 - June 02, 2021

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194595.

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF)
CVE-2021-20343 - June 02, 2021

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194593.

IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting
CVE-2021-20338 - June 02, 2021

IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194449.

IBM Jazz Team Server products are vulnerable to cross-site scripting
CVE-2021-20519 - April 12, 2021

IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198441.

IBM Jazz Foundation Products are vulnerable to cross-site scripting
CVE-2021-20352 - March 30, 2021

IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194710.

IBM Jazz Foundation Products are vulnerable to cross-site scripting
CVE-2021-20447 - March 30, 2021

IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196623.

IBM Jazz Foundation Products are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data
CVE-2021-20502 - March 30, 2021

IBM Jazz Foundation Products are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 198059.

IBM Jazz Foundation Products are vulnerable to cross-site scripting
CVE-2021-20503 - March 30, 2021

IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198182.

IBM Jazz Foundation Products are vulnerable to cross-site scripting
CVE-2021-20504 - March 30, 2021

IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198231.

IBM Jazz Foundation Products are vulnerable to cross-site scripting
CVE-2021-20506 - March 30, 2021

IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198231.

IBM Jazz Foundation Products are vulnerable to cross-site scripting
CVE-2021-20518 - March 30, 2021

IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198437.

IBM Jazz Foundation Products are vulnerable to cross-site scripting
CVE-2021-20520 - March 30, 2021

IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198572.

IBM Engineering products are vulnerable to cross-site scripting
CVE-2021-20340 - March 04, 2021

IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194451.

IBM Engineering products are vulnerable to cross-site scripting
CVE-2021-20350 - March 04, 2021

IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194707.

IBM Engineering products are vulnerable to cross-site scripting
CVE-2021-20351 - March 04, 2021

IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194708.

IBM Jazz Foundation products is vulnerable to cross-site scripting
CVE-2021-20357 - January 27, 2021

IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194963.