Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Engineering Lifecycle Management

Source -

CNA

CNA CVEs -

2

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
2Vulnerabilities found
CVE-2025-36157
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.07% / 23.14%
||
7 Day CHG~0.00%
Published-24 Aug, 2025 | 01:14
Updated-26 Aug, 2025 | 14:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Engineering Lifecycle Management incorrect authorization

IBM Jazz Foundation 7.0.2 to 7.0.2 iFix035, 7.0.3 to 7.0.3 iFix018, and 7.1.0 to 7.1.0 iFix004 could allow an unauthenticated remote attacker to update server property files that would allow them to perform unauthorized actions.

Action-Not Available
Vendor-IBM Corporation
Product-Engineering Lifecycle Management
CWE ID-CWE-863
Incorrect Authorization
CVE-2022-34355
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.02% / 3.72%
||
7 Day CHG~0.00%
Published-06 Oct, 2023 | 20:43
Updated-19 Sep, 2024 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Jazz Foundation information disclosure

IBM Jazz Foundation (IBM Engineering Lifecycle Management 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2) could disclose sensitive version information to a user that could be used in further attacks against the system. IBM X-Force ID: 230498.

Action-Not Available
Vendor-IBM Corporation
Product-engineering_lifecycle_managementcollaborative_lifecycle_managementEngineering Lifecycle Management
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor