CVE-2023-50305

CWE-5213 documents3 sources

Severity

5.1MEDIUM

EPSS

0.0%

top 95.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Engineering Requirements Management IBM Engineering Requirements Management Doors IBM Engineering Requirements Management Doors WEB Access

Timeline

PublishedMar 1

Description

IBM Engineering Requirements Management DOORS 9.7.2.7 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 273336.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 1.4 | Impact: 3.6

Affected Packages3 packages

▶NVDibm/engineering_requirements_management_doors9.7.2.7

▶NVDibm/engineering_requirements_management_doors_web_access9.7.2.7

▶CVEListV5ibm/engineering_requirements_management9.7.2.7

🔴Vulnerability Details

CVEList

IBM Engineering Requirements Management information disclosure↗2024-03-01

▶

GHSA

GHSA-32m5-wrmj-7cr6: IBM Engineering Requirements Management DOORS 9↗2024-03-01

▶