IBM Product Security Update Advisory (CVE-2024-39726)
Overview
An update has been released to address vulnerabilities in IBM Products. Users of the affected versions are advised to update to the latest version.
Affected Products
CVE-2024-39726
- Engineering Lifecycle Optimization – Engineering Insights (ENI) version: 7.0.3
- Engineering Lifecycle Optimization – Engineering Insights (ENI) version: 7.0.2
Resolved Vulnerabilities
XML External Entity (XXE) injection vulnerability (CVE-2024-39726) that could expose sensitive information or consume memory resources when processing XML data
Vulnerability Patches
Patches for this vulnerability are available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest patched version.
CVE-2024-39726
- Engineering Lifecycle Optimization – Engineering Insights (ENI) version: 7.0.3 iFix009
- Engineering Lifecycle Optimization – Engineering Insights (ENI) version: 7.0.2 iFix031
Referenced Sites
[1] CVE-2024-39726 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-39726
[2] Security Bulletin: IBM Engineering Lifecycle Optimization – Engineering Insights is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.