CVE-2024-41767

Name of the Vulnerable Software and Affected Versions IBM Engineering Lifecycle Optimization - Publishing versions 7.0.2 through 7.0.3

Description The issue is related to SQL injection, where a remote attacker could send specially crafted SQL statements to view, add, modify, or delete information in the back-end database.

Recommendations For versions 7.0.2 and 7.0.3, consider restricting access to the database until a patch is available. As a temporary workaround, consider disabling any functionality that allows user-inputted SQL statements until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.