Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
codebeamer vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2020-26517
A cross-site scripting (XSS) issue exists in Intland codeBeamer ALM 10.x up to and including 10.1.SP4. It is possible to perform XSS attacks through using the WebDAV functionality to upload files to a project (Authn users), using the users import functionality (Admin only), and c...
Intland Codebeamer 10.1.0
Intland Codebeamer 10.0.0
Intland Codebeamer 10.0.1
Intland Codebeamer 21.04
605
VMScore
CVE-2020-26516
A CSRF issue exists in Intland codeBeamer ALM 10.x up to and including 10.1.SP4. Requests sent to the server that trigger actions do not contain a CSRF token and can therefore be entirely predicted allowing malicious users to cause the victim's browser to execute undesired a...
Intland Codebeamer 10.1.0
Intland Codebeamer 10.0.0
Intland Codebeamer 10.0.1
Intland Codebeamer 21.04
NA
CVE-2023-4296
?If an attacker tricks an admin user of PTC Codebeamer into clicking on a malicious link, it may allow the malicious user to inject arbitrary code to be executed in the browser on the target device.
Intland Codebeamer 21.09.0
Intland Codebeamer 22.04.0
Intland Codebeamer 22.10.0
383
VMScore
CVE-2019-20635
codeBeamer prior to 9.5.0-RC3 does not properly restrict the ability to execute custom Java code and access the Java class loader via computed fields.
Intland Codebeamer
Intland Codebeamer 9.5.0
383
VMScore
CVE-2020-26513
An issue exists in Intland codeBeamer ALM 10.x up to and including 10.1.SP4. The ReqIF XML data, used by the codebeamer ALM application to import projects, is parsed by insecurely configured software components, which can be abused for XML External Entity Attacks.
Intland Codebeamer 10.1.0
Intland Codebeamer
445
VMScore
CVE-2020-26515
An insufficiently protected credentials issue exists in Intland codeBeamer ALM 10.x up to and including 10.1.SP4. The remember-me cookie (CB_LOGIN) issued by the application contains the encrypted user's credentials. However, due to a bug in the application code, those crede...
Intland Codebeamer 10.1.0
Intland Codebeamer
312
VMScore
CVE-2019-19912
In Intland codeBeamer ALM 9.5 and previous versions, a cross-site scripting (XSS) vulnerability in the Upload Flash File feature allows authenticated remote malicious users to inject arbitrary scripts via an active script embedded in an SWF file.
Intland Codebeamer
312
VMScore
CVE-2019-19913
In Intland codeBeamer ALM 9.5 and previous versions, there is stored XSS via the Trackers Title parameter.
Intland Codebeamer
NA
CVE-2024-3951
PTC Codebeamer is vulnerable to a cross site scripting vulnerability that could allow an malicious user to inject and execute malicious code.
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21991
CVE-2024-32674
path traversal
CVE-2023-21987
denial of service
dos
CVE-2024-4647
CVE-2024-25519
CVE-2024-33612
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started