Ibm Engineering Workflow Management

This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor	Ibm	First view	2020-07-16
Product	Engineering Workflow Management	Last view	2024-05-28
Version		Type	Application
Update
Edition
Language
Sofware Edition
Target Software
Target Hardware
Other

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name	Affected CVE
cpe:2.3:a:ibm:engineering_workflow_management:7.0.1:::::::*	37
cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:::::::*	35
cpe:2.3:a:ibm:engineering_workflow_management:7.0:::::::*	26
cpe:2.3:a:ibm:engineering_workflow_management:7.0.0:::::::*	18
cpe:2.3:a:ibm:engineering_workflow_management:6.0.6:::::::*	6
cpe:2.3:a:ibm:engineering_workflow_management:6.0.6.1:::::::*	6
cpe:2.3:a:ibm:engineering_workflow_management:6.0.2:::::::*	5
cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:::::::*	1

Related : CVE

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.

	Date	Alert	Description
5.4	2024-05-28	CVE-2024-28793	IBM Engineering Workflow Management 7.0.2 and 7.0.3 is vulnerable to stored cross-site scripting. Under certain configurations, this vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 286830.
4.3	2022-01-11	CVE-2021-29701	IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 as well as IBM Rational Team Concert 6.0.6 and 6.0.6.1 could allow an authneticated attacker to obtain sensitive information from build definitions that could aid in further attacks against the system. IBM X-Force ID: 200657.
8.8	2021-10-27	CVE-2021-29844	IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
6.5	2021-10-27	CVE-2021-29786	IBM Jazz Team Server products stores user credentials in clear text which can be read by an authenticated user. IBM X-Force ID: 203172.
7.5	2021-10-27	CVE-2021-29774	IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under certain configurations. IBM X-Force ID: 203025.
5.4	2021-10-27	CVE-2021-29673	IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199482.
5.4	2021-07-28	CVE-2020-5004	IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192957.
6.3	2021-07-28	CVE-2020-4974	IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 192434.
5.4	2021-07-19	CVE-2021-20507	IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198235.
5.4	2021-07-19	CVE-2020-5031	IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 193738.
5.4	2021-04-12	CVE-2021-20519	IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198441.
7.5	2021-04-12	CVE-2020-4965	IBM Jazz Team Server products use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192422.
4.3	2021-04-12	CVE-2020-4964	IBM Jazz Team Server products contain an undisclosed vulnerability that could allow an authenticated user to present a customized message on the application which could be used to phish other users. IBM X-Force ID: 192419.
5.4	2021-04-12	CVE-2020-4920	IBM Jazz Team Server products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191396.
5.4	2021-03-30	CVE-2021-20520	IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198572.
5.4	2021-03-30	CVE-2021-20518	IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198437.
5.4	2021-03-30	CVE-2021-20506	IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198231.
5.4	2021-03-30	CVE-2021-20504	IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198231.
5.4	2021-03-30	CVE-2021-20503	IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198182.
7.1	2021-03-30	CVE-2021-20502	IBM Jazz Foundation Products are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 198059.
5.4	2021-03-30	CVE-2021-20447	IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196623.
5.4	2021-03-30	CVE-2021-20352	IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194710.
5.4	2021-03-04	CVE-2021-20351	IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194708.
5.4	2021-03-04	CVE-2021-20350	IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194707.
5.4	2021-03-04	CVE-2021-20340	IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194451.

CWE : Common Weakness Enumeration

%	id	Name
87% (34)	CWE-79	Failure to Preserve Web Page Structure ('Cross-site Scripting')
5% (2)	CWE-209	Information Exposure Through an Error Message
2% (1)	CWE-611	Information Leak Through XML External Entity File Disclosure
2% (1)	CWE-327	Use of a Broken or Risky Cryptographic Algorithm
2% (1)	CWE-312	Cleartext Storage of Sensitive Information

CPE Name	Affected CVE
cpe:2.3:a:ibm:engineering_workflow_management:7.0.1:::::::*	37
cpe:2.3:a:ibm:engineering_workflow_management:7.0.2:::::::*	35
cpe:2.3:a:ibm:engineering_workflow_management:7.0:::::::*	26
cpe:2.3:a:ibm:engineering_workflow_management:7.0.0:::::::*	18
cpe:2.3:a:ibm:engineering_workflow_management:6.0.6:::::::*	6
cpe:2.3:a:ibm:engineering_workflow_management:6.0.6.1:::::::*	6
cpe:2.3:a:ibm:engineering_workflow_management:6.0.2:::::::*	5
cpe:2.3:a:ibm:engineering_workflow_management:7.0.3:::::::*	1

Mapping	Total
CVE ID(s)	46
CWE ID(s)	5

	%	Affected CVE
Critical (9-10)	0%	0
High (7-8.9)	8.7%	4
Medium (4-6.9)	91.3%	42
Low (0.1-3.9)	0%	0
Pending... (0)	0%	0

Ibm Engineering Workflow Management

Summary

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

Related : CVE

CWE : Common Weakness Enumeration

vDNA Monitoring

Global informations

Risk Rating (CVSS)

Open Standards

COMPANY

STANDARDS

RECENT POSTS

MENU

	no vDNA Monitoring
Monitor this product now !