CVE-2024-43169 — Download of Code Without Integrity Check in IBM Engineering Requirements Management Doors Next

CWE-494 — Download of Code Without Integrity Check3 documents3 sources

Severity

6.5MEDIUMNVD

CNA8.8

EPSS

0.1%

top 72.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Engineering Requirements Management Doors Next

Timeline

PublishedMar 3

Description

IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a user to download a malicious file without verifying the integrity of the code.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5ibm/engineering_requirements_management_doors_next7.0.2, 7.0.3, 7.1+2

▶NVDibm/engineering_requirements_management_doors_next7.0.2, 7.0.3, 7.1+2

🔴Vulnerability Details

CVEList

IBM Engineering Requirements Management DOORS Next file download↗2025-03-03

▶

GHSA

GHSA-6xv6-rjcf-vc95: IBM Engineering Requirements Management DOORS Next 7↗2025-03-03

▶