Intland: >> Codebeamer >> 8.2.1 Security Vulnerabilities
codeBeamer before 9.5.0-RC3 does not properly restrict the ability to execute custom Java code and access the Java class loader via computed fields.
CVSS Score
6.1
EPSS Score
0.004
Published
2020-04-02
In Intland codeBeamer ALM 9.5 and earlier, a cross-site scripting (XSS) vulnerability in the Upload Flash File feature allows authenticated remote attackers to inject arbitrary scripts via an active script embedded in an SWF file.
CVSS Score
4.8
EPSS Score
0.003
Published
2020-03-30
In Intland codeBeamer ALM 9.5 and earlier, there is stored XSS via the Trackers Title parameter.
CVSS Score
4.8
EPSS Score
0.003
Published
2020-03-30