CVSS3 metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |
Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
AI Score Confidence | Low |
EPSS Percentile | 31.8% |

IBM Engineering Lifecycle Optimization - Publishing does not support Container authentication from 7.0.3
CVEID: CVE-2023-45187
**DESCRIPTION:** IBM Engineering Lifecycle Optimization - Publishing does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
CVSS Base score: 6.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268749 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
CVEID: CVE-2023-45190
**DESCRIPTION:** IBM Engineering Lifecycle Optimization is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.
CVSS Base score: 5.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268754 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVEID: CVE-2023-45191
**DESCRIPTION:** IBM Engineering Lifecycle Optimization uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268755 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
PUB | 7.0.3 |
PUB | 7.0.2 |
The CVEs below are due to server container authentication. From PUB 7.0.3, Container authentication is not supported; see the documentation here: <https://www.ibm.com/docs/en/engineering-lifecycle-management-suite/lifecycle-optimization-publishing/7.0.3?topic=authentication-container>
CVEID: CVE-2023-45187, CVE-2023-45190, CVE-2023-45191
Do not use Container authentication; use JTS authentication instead.
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | engineering_lifecycle_optimization_-_publishing | 7.0.2 | cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:7.0.2:*:*:*:*:*:*:* |
ibm | engineering_lifecycle_optimization_-_publishing | 7.0.3 | cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_publishing:7.0.3:*:*:*:*:*:*:* |