Ibm Engineering Requirements Management vulnerabilities

3 known vulnerabilities affecting ibm/engineering_requirements_management.

Total CVEs

3

CISA KEV

0

Public exploits

0

Exploited in wild

0

Severity breakdown

MEDIUM3

Vulnerabilities

Page 1 of 1

CVE-2023-50305MEDIUMCVSS 5.1v9.7.2.72024-03-01

CVE-2023-50305 [MEDIUM] CWE-521 CVE-2023-50305: IBM Engineering Requirements Management DOORS 9.7.2.7 does not require that users should have strong IBM Engineering Requirements Management DOORS 9.7.2.7 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 273336.

CVE-2023-28525MEDIUMCVSS 4.8v9.7.2.72024-03-01

CVE-2023-28525 [MEDIUM] CWE-79 CVE-2023-28525: IBM Engineering Requirements Management 9.7.2.7 is vulnerable to cross-site scripting. This vulnerab IBM Engineering Requirements Management 9.7.2.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 251052.

CVE-2023-28949MEDIUMCVSS 6.5v9.7.2.72024-03-01

CVE-2023-28949 [MEDIUM] CWE-352 CVE-2023-28949: IBM Engineering Requirements Management DOORS 9.7.2.7 is vulnerable to cross-site request forgery wh IBM Engineering Requirements Management DOORS 9.7.2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 251216.