VYPR

Engineering & Lifecycle Management (aka pdm)

by Didotech srl

CVEs (5)

  • CVE-2026-3660CriMay 26, 2026
    risk 0.64cvss 9.8epss 0.01

    IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an unauthenticated remote attacker to update server property files that would allow them to gain unauthorized access to the application.

  • CVE-2026-4051HigMay 26, 2026
    risk 0.47cvss 7.2epss 0.00

    IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an attacker with administrative privileges to execute remote code due to exposed method that is not properly restricted.

  • CVE-2026-3603HigMay 26, 2026
    risk 0.46cvss 7.1epss 0.00

    IBM Engineering Lifecycle Management 7.0.3 Interim Fix 001 through  Interim Fix 021, 7.1.0  Interim Fix 001 through  Interim Fix 009, and 7.2.0 and 7.2.0 Interim Fix 001 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. An authenticated…

  • CVE-2022-34355Oct 6, 2023
    risk 0.00cvss epss 0.00

    IBM Jazz Foundation (IBM Engineering Lifecycle Management 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2) could disclose sensitive version information to a user that could be used in further attacks against the system. IBM X-Force ID: 230498.

  • CVE-2023-40958Sep 14, 2023
    risk 0.00cvss epss 0.01

    A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the query parameter in…