← Back

Intland

intland

8 CVEs • 1 product

Products (1)

Click to collapse
Toggle
Codebeamer
codebeamer
8 CVEs

CVEs (8)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-4296
1Intland
1Codebeamer
Feb 13, 2025
Aug 29, 2023
N/A· v4
6.1 MEDIUM· v3
N/A· v2
​If an attacker tricks an admin user of PTC Codebeamer into clicking on a malicious link, it may allow the attacker to inject arbitrary code to be executed in the browser on the target device.
CVE-2020-26517
1Intland
1Codebeamer
Nov 21, 2024
Jun 8, 2021
N/A· v4
4.8 MEDIUM· v3
3.5 LOW· v2
A cross-site scripting (XSS) issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. It is possible to perform XSS attacks through using the WebDAV functionality to upload files to a project (Authn users),...Show more
A cross-site scripting (XSS) issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. It is possible to perform XSS attacks through using the WebDAV functionality to upload files to a project (Authn users), using the users import functionality (Admin only), and changing the login text in the application configuration (Admin only).Show less
CVE-2020-26516
1Intland
1Codebeamer
Nov 21, 2024
Jun 8, 2021
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
A CSRF issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. Requests sent to the server that trigger actions do not contain a CSRF token and can therefore be entirely predicted allowing attackers to caus...Show more
A CSRF issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. Requests sent to the server that trigger actions do not contain a CSRF token and can therefore be entirely predicted allowing attackers to cause the victim's browser to execute undesired actions in the web application through crafted requests.Show less
CVE-2020-26515
1Intland
1Codebeamer
Nov 21, 2024
Jun 8, 2021
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
An insufficiently protected credentials issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. The remember-me cookie (CB_LOGIN) issued by the application contains the encrypted user's credentials. However...Show more
An insufficiently protected credentials issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. The remember-me cookie (CB_LOGIN) issued by the application contains the encrypted user's credentials. However, due to a bug in the application code, those credentials are encrypted using a NULL encryption key.Show less
CVE-2020-26513
1Intland
1Codebeamer
Nov 21, 2024
Dec 7, 2020
N/A· v4
5.5 MEDIUM· v3
4.3 MEDIUM· v2
An issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. The ReqIF XML data, used by the codebeamer ALM application to import projects, is parsed by insecurely configured software components, which can be...Show more
An issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. The ReqIF XML data, used by the codebeamer ALM application to import projects, is parsed by insecurely configured software components, which can be abused for XML External Entity Attacks.Show less
CVE-2019-20635
1Intland
1Codebeamer
Nov 21, 2024
Apr 2, 2020
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
codeBeamer before 9.5.0-RC3 does not properly restrict the ability to execute custom Java code and access the Java class loader via computed fields.
CVE-2019-19913
1Intland
1Codebeamer
Nov 21, 2024
Mar 30, 2020
N/A· v4
4.8 MEDIUM· v3
3.5 LOW· v2
In Intland codeBeamer ALM 9.5 and earlier, there is stored XSS via the Trackers Title parameter.
CVE-2019-19912
1Intland
1Codebeamer
Nov 21, 2024
Mar 30, 2020
N/A· v4
4.8 MEDIUM· v3
3.5 LOW· v2
In Intland codeBeamer ALM 9.5 and earlier, a cross-site scripting (XSS) vulnerability in the Upload Flash File feature allows authenticated remote attackers to inject arbitrary scripts via an active script embedded in an...Show more
In Intland codeBeamer ALM 9.5 and earlier, a cross-site scripting (XSS) vulnerability in the Upload Flash File feature allows authenticated remote attackers to inject arbitrary scripts via an active script embedded in an SWF file.Show less