CVE-2025-2138 — Client-Side Enforcement of Server-Side Security in IBM Engineering Requirements Management Doors Next
Severity
3.5LOWNVD
EPSS
0.0%
top 97.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedOct 12
Description
IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1
could allow an authenticated user on the network to delete comments from other users due to client-side enforcement of server-side security.
CVSS vector
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.1 | Impact: 1.4