Ibm Engineering_requirements_quality_assistant_on-premises
29 CVEs affecting Ibm Engineering_requirements_quality_assistant_on-premises. Latest disclosed: 2022-07-18. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2021-29844 | High | 8.8 | 2021-10-27 | IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from… |
CVE-2021-20502 | High | 7.1 | 2021-03-30 | IBM Jazz Foundation Products are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vul… |
CVE-2021-38868 | Medium | 6.5 | 2022-07-18 | IBM Engineering Requirements Quality Assistant On-Premises (All versions) is vulnerable to cross-site request forgery which could allow an attacker to execute… |
CVE-2021-29799 | Medium | 6.5 | 2022-07-18 | IBM Engineering Requirements Quality Assistant On-Premises (All versions) could allow an authenticated user to obtain sensitive information due to improper cli… |
CVE-2021-29899 | Medium | 6.5 | 2022-03-18 | IBM Engineering Requirements Quality Assistant prior to 3.1.3 could allow an authenticated user to cause a denial of service. IBM X-Force ID: 207413. |
CVE-2020-4974 | Medium | 6.3 | 2021-07-28 | IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from… |
CVE-2021-29790 | Medium | 5.4 | 2022-07-18 | IBM Engineering Requirements Quality Assistant On-Premises (All versions) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbit… |
CVE-2021-29788 | Medium | 5.4 | 2022-07-18 | IBM Engineering Requirements Quality Assistant On-Premises (All versions) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbit… |
CVE-2020-5004 | Medium | 5.4 | 2021-07-28 | IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus alte… |
CVE-2021-20507 | Medium | 5.4 | 2021-07-19 | IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in… |
CVE-2021-20520 | Medium | 5.4 | 2021-03-30 | IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus alte… |
CVE-2021-20518 | Medium | 5.4 | 2021-03-30 | IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus alte… |
CVE-2021-20506 | Medium | 5.4 | 2021-03-30 | IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus alte… |
CVE-2021-20504 | Medium | 5.4 | 2021-03-30 | IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus alte… |
CVE-2021-20503 | Medium | 5.4 | 2021-03-30 | IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus alte… |
CVE-2021-20447 | Medium | 5.4 | 2021-03-30 | IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus alte… |
CVE-2021-20352 | Medium | 5.4 | 2021-03-30 | IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus alte… |
CVE-2021-20351 | Medium | 5.4 | 2021-03-04 | IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering… |
CVE-2021-20350 | Medium | 5.4 | 2021-03-04 | IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering… |
CVE-2021-20340 | Medium | 5.4 | 2021-03-04 | IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering… |