Engineering Workflow Management

CVEs (61)

CVE	Vendor / Product	CVSS	Published	Description
CVE-2024-28793	IBM Engineering Workflow Management	—	May 28, 2024	IBM Engineering Workflow Management 7.0.2 and 7.0.3 is vulnerable to stored cross-site scripting. Under certain configurations, this vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to…
CVE-2023-43054	IBM Engineering Workflow Management	—	Mar 3, 2024	IBM Engineering Test Management 7.0.2 and 7.0.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…
CVE-2021-38934	IBM Engineering Workflow Management	—	Aug 29, 2022	IBM Engineering Test Management 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…
CVE-2020-4989	IBM Rational Team Concert	—	Mar 15, 2022	IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 and IBM Rational Team Concert 6.0.6 and 6.0.0.1 could allow an authenticated user to obtain sensitive information about build definitions. IBM X-Force ID: 192707.
CVE-2021-29701	IBM Rational Team Concert	—	Jan 11, 2022	IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 as well as IBM Rational Team Concert 6.0.6 and 6.0.6.1 could allow an authneticated attacker to obtain sensitive information from build definitions that could aid in further attacks against the system. IBM X-Force ID:…
CVE-2021-29844	IBM Rational Team Concert	—	Oct 27, 2021	IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
CVE-2021-29786	IBM Rational Team Concert	—	Oct 27, 2021	IBM Jazz Team Server products stores user credentials in clear text which can be read by an authenticated user. IBM X-Force ID: 203172.
CVE-2021-29774	IBM Rational Team Concert	—	Oct 27, 2021	IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under certain configurations. IBM X-Force ID: 203025.
CVE-2021-29713	IBM Rational Team Concert	—	Oct 27, 2021	IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2021-29673	IBM Rational Team Concert	—	Oct 27, 2021	IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…
CVE-2020-5004	IBM Rational Quality Manager	—	Jul 28, 2021	IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…
CVE-2020-4974	IBM Rational Quality Manager	—	Jul 28, 2021	IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 192434.
CVE-2021-20507	IBM Rational Team Concert	—	Jul 19, 2021	IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…
CVE-2020-5031	IBM Rational Team Concert	—	Jul 19, 2021	IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…
CVE-2021-29670	IBM Rational Quality Manager	—	Jun 2, 2021	IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…
CVE-2021-29668	IBM Rational Quality Manager	—	Jun 2, 2021	IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…
CVE-2021-20371	IBM Rational Quality Manager	—	Jun 2, 2021	IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to obtain sensitive information when an error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 195516.
CVE-2021-20348	IBM Rational Quality Manager	—	Jun 2, 2021	IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-ForceID:…
CVE-2021-20347	IBM Rational Quality Manager	—	Jun 2, 2021	IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force…
CVE-2021-20346	IBM Rational Quality Manager	—	Jun 2, 2021	IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force…

CVE-2024-28793May 28, 2024
IBM
Engineering Workflow Management
risk 0.00cvss —epss 0.00
IBM Engineering Workflow Management 7.0.2 and 7.0.3 is vulnerable to stored cross-site scripting. Under certain configurations, this vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to…
CVE-2023-43054Mar 3, 2024
IBM
Engineering Workflow Management
risk 0.00cvss —epss 0.00
IBM Engineering Test Management 7.0.2 and 7.0.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…
CVE-2021-38934Aug 29, 2022
IBM
Engineering Workflow Management
risk 0.00cvss —epss 0.00
IBM Engineering Test Management 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…
CVE-2020-4989Mar 15, 2022
IBM
Rational Team Concert
risk 0.00cvss —epss 0.00
IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 and IBM Rational Team Concert 6.0.6 and 6.0.0.1 could allow an authenticated user to obtain sensitive information about build definitions. IBM X-Force ID: 192707.
CVE-2021-29701Jan 11, 2022
IBM
Rational Team Concert
risk 0.00cvss —epss 0.00
IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 as well as IBM Rational Team Concert 6.0.6 and 6.0.6.1 could allow an authneticated attacker to obtain sensitive information from build definitions that could aid in further attacks against the system. IBM X-Force ID:…
CVE-2021-29844Oct 27, 2021
IBM
Rational Team Concert
risk 0.00cvss —epss 0.00
IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
CVE-2021-29786Oct 27, 2021
IBM
Rational Team Concert
risk 0.00cvss —epss 0.00
IBM Jazz Team Server products stores user credentials in clear text which can be read by an authenticated user. IBM X-Force ID: 203172.
CVE-2021-29774Oct 27, 2021
IBM
Rational Team Concert
risk 0.00cvss —epss 0.00
IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under certain configurations. IBM X-Force ID: 203025.
CVE-2021-29713Oct 27, 2021
IBM
Rational Team Concert
risk 0.00cvss —epss 0.00
IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2021-29673Oct 27, 2021
IBM
Rational Team Concert
risk 0.00cvss —epss 0.00
IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…
CVE-2020-5004Jul 28, 2021
IBM
Rational Quality Manager
risk 0.00cvss —epss 0.00
IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…
CVE-2020-4974Jul 28, 2021
IBM
Rational Quality Manager
risk 0.00cvss —epss 0.00
IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 192434.
CVE-2021-20507Jul 19, 2021
IBM
Rational Team Concert
risk 0.00cvss —epss 0.00
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…
CVE-2020-5031Jul 19, 2021
IBM
Rational Team Concert
risk 0.00cvss —epss 0.00
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…
CVE-2021-29670Jun 2, 2021
IBM
Rational Quality Manager
risk 0.00cvss —epss 0.00
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…
CVE-2021-29668Jun 2, 2021
IBM
Rational Quality Manager
risk 0.00cvss —epss 0.00
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…
CVE-2021-20371Jun 2, 2021
IBM
Rational Quality Manager
risk 0.00cvss —epss 0.00
IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to obtain sensitive information when an error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 195516.
CVE-2021-20348Jun 2, 2021
IBM
Rational Quality Manager
risk 0.00cvss —epss 0.00
IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-ForceID:…
CVE-2021-20347Jun 2, 2021
IBM
Rational Quality Manager
risk 0.00cvss —epss 0.00
IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force…
CVE-2021-20346Jun 2, 2021
IBM
Rational Quality Manager
risk 0.00cvss —epss 0.00
IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force…

Page 1 of 4