CVE-2024-41787: Time-of-check Time-of-use (TOCTOU) Race Condition in IBM Engineering Requirements Management DOORS Next

Severity
NVD: 8.1 HIGH
CNA: 9.8
EPSS
0.0%
top 93.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jan 10

Description

IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition. By sending a specially crafted request, an attacker could exploit this vulnerability to remotely execute code.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.2 | Impact: 5.9

Affected Packages (2 packages)

NVD: ibm/doors_next 7.0.2, 7.0.3 (+1)

Vulnerability Details (2)

GHSA: GHSA-c5jf-c5pw-3xhj: IBM Engineering Requirements Management DOORS Next 7 (2025-01-10)
CVEList: IBM Engineering Requirements Management DOORS Next code execution (2025-01-10)