IBM Engineering Lifecycle Optimization Publishing
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in IBM Engineering Lifecycle Optimization Publishing.
By the Year
In 2025 there have been 5 vulnerabilities in IBM Engineering Lifecycle Optimization Publishing with an average score of 7.1 out of ten. Last year, in 2024 Engineering Lifecycle Optimization Publishing had 1 security vulnerability published. That is, 4 more vulnerabilities have already been reported in 2025 as compared to last year. Last year, the average CVE base score was greater by 2.74
Year | Vulnerabilities | Average Score |
---|---|---|
2025 | 5 | 7.06 |
2024 | 1 | 9.80 |
2023 | 0 | 0.00 |
2022 | 6 | 5.40 |
2021 | 13 | 5.83 |
2020 | 2 | 5.05 |
2019 | 2 | 5.40 |
2018 | 3 | 5.83 |
It may take a day or so for new Engineering Lifecycle Optimization Publishing vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent IBM Engineering Lifecycle Optimization Publishing Security Vulnerabilities
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 uses weaker than expected cryptographic algorithms
CVE-2024-41763
7.5 - High
- January 04, 2025
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
Use of a Broken or Risky Cryptographic Algorithm
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to traverse directories on the system
CVE-2024-41765
6.5 - Medium
- January 04, 2025
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
Directory traversal
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could
CVE-2024-41766
7.5 - High
- January 04, 2025
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause a denial of service using a complex regular expression.
ReDoS
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 is vulnerable to SQL injection
CVE-2024-41767
7.3 - High
- January 04, 2025
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.
SQL Injection
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could
CVE-2024-41768
6.5 - Medium
- January 04, 2025
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause an unhandled SSL exception which could leave the connection in an unexpected or insecure state.
Missing Standardized Error Handling Mechanism
IBM Engineering Lifecycle Optimization Publishing 7.0.2 and 7.03 could
CVE-2023-45188
9.8 - Critical
- June 09, 2024
IBM Engineering Lifecycle Optimization Publishing 7.0.2 and 7.03 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted request, a remote attacker could exploit this vulnerability to upload a malicious file, which could allow the attacker to execute arbitrary code on the vulnerable system. IBM X-Force ID: 268751.
Unrestricted File Upload
IBM Engineering Lifecycle Optimization - Publishing 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting
CVE-2021-39015
5.4 - Medium
- July 14, 2022
IBM Engineering Lifecycle Optimization - Publishing 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213655.
XSS
IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 does not sufficiently monitor or control transmitted network traffic volume, so
CVE-2021-39016
4.3 - Medium
- July 14, 2022
IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the software to transmit more traffic than should be allowed for that actor. IBM X-Force ID: 213722.
IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could
CVE-2021-39017
6.5 - Medium
- July 14, 2022
IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to upload arbitrary files, caused by improper access controls. IBM X-Force ID: 213725.
IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose sensitive information in a SQL error message
CVE-2021-39018
4.3 - Medium
- July 14, 2022
IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose sensitive information in a SQL error message that could aid in further attacks against the system. IBM X-Force ID: 213726.
Generation of Error Message Containing Sensitive Information
IBM Engineering Lifecycle Optimization - Publishing 6.0.6
CVE-2021-39019
6.5 - Medium
- July 14, 2022
IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose highly sensitive information through an HTTP GET request to an authenticated user. IBM X-Force ID: 213728.
Information Disclosure
IBM Engineering Lifecycle Optimization - Publishing 6.0.6
CVE-2021-39028
5.4 - Medium
- July 14, 2022
IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 213866.
Injection
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting
CVE-2021-29668
5.4 - Medium
- June 02, 2021
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199406.
XSS
IBM Jazz Foundation and IBM Engineering products could
CVE-2020-4732
6.5 - Medium
- June 02, 2021
IBM Jazz Foundation and IBM Engineering products could allow an authenticated user to obtain sensitive information due to lack of security restrictions. IBM X-Force ID: 188126.
Information Disclosure
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting
CVE-2021-29670
5.4 - Medium
- June 02, 2021
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199408.
XSS
IBM Jazz Foundation and IBM Engineering products could
CVE-2021-20371
6.5 - Medium
- June 02, 2021
IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to obtain sensitive information when an error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 195516.
Generation of Error Message Containing Sensitive Information
IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF)
CVE-2021-20348
5.4 - Medium
- June 02, 2021
IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-ForceID: 194597.
SSRF
IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF)
CVE-2021-20347
5.4 - Medium
- June 02, 2021
IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194596.
SSRF
IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF)
CVE-2021-20346
5.4 - Medium
- June 02, 2021
IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194595.
SSRF
IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF)
CVE-2021-20345
5.4 - Medium
- June 02, 2021
IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194594.
SSRF
IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF)
CVE-2021-20343
5.4 - Medium
- June 02, 2021
IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194593.
SSRF
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting
CVE-2021-20338
5.4 - Medium
- June 02, 2021
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194449.
XSS
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting
CVE-2020-5030
5.4 - Medium
- June 02, 2021
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 193737.
XSS
IBM Engineering Lifecycle Optimization - Publishing is vulnerable to stored cross-site scripting
CVE-2020-4977
5.4 - Medium
- June 02, 2021
IBM Engineering Lifecycle Optimization - Publishing is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192470.
XSS
IBM Jazz Foundation and IBM Engineering products could
CVE-2020-4495
8.8 - High
- June 02, 2021
IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to bypass security restrictions, caused by improper access control. By sending a specially-crafted request to the REST API, an attacker could exploit this vulnerability to bypass access restrictions, and execute arbitrary actions with administrative privileges. IBM X-Force ID: 182114.
IBM Publishing Engine 6.0.6, 6.0.6.1, and 7.0 does not set the secure attribute on authorization tokens or session cookies
CVE-2020-4316
4.7 - Medium
- July 16, 2020
IBM Publishing Engine 6.0.6, 6.0.6.1, and 7.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 177354.
IBM Rational Publishing Engine 6.0.6 and 6.0.6.1 is vulnerable to cross-site scripting
CVE-2019-4431
5.4 - Medium
- February 12, 2020
IBM Rational Publishing Engine 6.0.6 and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162888.
XSS
IBM Publishing Engine 2.1.2, 6.0.5, and 6.0.6 is vulnerable to cross-site scripting
CVE-2018-1951
5.4 - Medium
- January 04, 2019
IBM Publishing Engine 2.1.2, 6.0.5, and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153494.
XSS
IBM Publishing Engine 2.1.2, 6.0.5, and 6.0.6 is vulnerable to cross-site scripting
CVE-2018-1657
5.4 - Medium
- January 04, 2019
IBM Publishing Engine 2.1.2, 6.0.5, and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 144883.
XSS
IBM Rational Publishing Engine 6.0.5 and 6.0.6 is vulnerable to cross-site scripting
CVE-2018-1534
5.4 - Medium
- October 12, 2018
IBM Rational Publishing Engine 6.0.5 and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142432.
XSS
IBM Rational Publishing Engine 6.0.5 and 6.0.6 is vulnerable to cross-site scripting
CVE-2018-1533
5.4 - Medium
- October 12, 2018
IBM Rational Publishing Engine 6.0.5 and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142431.
XSS
IBM Publishing Engine 2.1.2 and 6.0.5 contains an undisclosed vulnerability
CVE-2017-1787
6.7 - Medium
- March 02, 2018
IBM Publishing Engine 2.1.2 and 6.0.5 contains an undisclosed vulnerability that could allow a local user with administrative privileges to obtain hard coded user credentials. IBM X-Force ID: 137022.
Use of Hard-coded Credentials
Unrestricted file upload vulnerability in the Document Builder in IBM Rational Publishing Engine (aka RPENG) 2.0.1 before ifix002
CVE-2016-2914
5.4 - Medium
- August 08, 2016
Unrestricted file upload vulnerability in the Document Builder in IBM Rational Publishing Engine (aka RPENG) 2.0.1 before ifix002 allows remote authenticated users to execute arbitrary code by specifying an unexpected file extension.
Unrestricted File Upload
Cross-site scripting (XSS) vulnerability in the Document Builder in IBM Rational Publishing Engine (aka RPENG) 2.0.1 before ifix002
CVE-2016-2912
5.4 - Medium
- August 08, 2016
Cross-site scripting (XSS) vulnerability in the Document Builder in IBM Rational Publishing Engine (aka RPENG) 2.0.1 before ifix002 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
XSS
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for IBM Engineering Lifecycle Optimization Publishing or by IBM? Click the Watch button to subscribe.
