IBM Engineering Requirements Management DOORS vulnerabilities
13 known vulnerabilities affecting ibm/engineering_requirements_management_doors.
Total CVEs: 13
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 11
Vulnerabilities
CVE-2024-43190 | MEDIUM | CVSS 5.9 | CWE-640 | ≥ 9.6, ≤ 9.6.1.13 | v9.7.2.9 | 2025-07-07
IBM Engineering Requirements Management DOORS 9.7.2.9, under certain configurations, could allow a remote attacker to obtain password reset instructions of a legitimate user using man in the middle techniques.
cvelistv5, nvd
CVE-2023-50304 | HIGH | CVSS 8.2 | CWE-611 | v9.7.2.8 | 2024-07-18
IBM Engineering Requirements Management DOORS Web Access 9.7.2.8 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 273335.
cvelistv5, nvd
CVE-2023-50305 | MEDIUM | CVSS 5.1 | CWE-521 | v9.7.2.7 | 2024-03-01
IBM Engineering Requirements Management DOORS 9.7.2.7 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 273336.
nvd
CVE-2023-28525 | MEDIUM | CVSS 4.8 | CWE-79 | v9.7.2.7 | 2024-03-01
IBM Engineering Requirements Management 9.7.2.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 251052.
nvd
CVE-2023-28949 | MEDIUM | CVSS 6.5 | CWE-352 | v9.7.2.7 | 2024-03-01
IBM Engineering Requirements Management DOORS 9.7.2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 251216.
nvd
CVE-2018-1457 | CRITICAL | CVSS 9.8 | ≥ 9.5.1, ≤ 9.5.1.9; ≥ 9.5.2, ≤ 9.5.2.8; +3 more | 2018-06-27
An undisclosed vulnerability in IBM Rational DOORS 9.5.1 through 9.6.1.10 application allows an attacker to gain DOORS administrator privileges. IBM X-Force ID: 140208.
nvd
CVE-2017-1563 | MEDIUM | CVSS 5.4 | CWE-79 | ≥ 9.5.0.0, ≤ 9.5.0.7; ≥ 9.5.1.0, ≤ 9.5.1.8; +3 more | 2018-01-26
IBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131763.
nvd
CVE-2017-1515 | MEDIUM | CVSS 4.3 | CWE-200 | ≥ 9.5.0.0, ≤ 9.5.0.7; ≥ 9.5.1.0, ≤ 9.5.1.8; +3 more | 2018-01-26
IBM Doors Web Access 9.5 and 9.6 could allow an authenticated user to obtain sensitive information from HTTP internal server error responses. IBM X-Force ID: 129825.
nvd
CVE-2017-1532 | MEDIUM | CVSS 5.4 | CWE-79 | ≥ 9.5.0.0, ≤ 9.5.0.7; ≥ 9.5.1.0, ≤ 9.5.1.8; +3 more | 2018-01-26
IBM DOORS 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130411.
nvd
CVE-2017-1567 | MEDIUM | CVSS 5.4 | CWE-79 | ≥ 9.5.0.0, ≤ 9.5.0.7; ≥ 9.5.1.0, ≤ 9.5.1.8; +3 more | 2018-01-26
IBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131769.
nvd
CVE-2017-1545 | MEDIUM | CVSS 6.8 | ≥ 9.5.0.0, ≤ 9.5.0.7; ≥ 9.5.1.0, ≤ 9.5.1.8; +3 more | 2018-01-26
IBM Doors Web Access 9.5 and 9.6 could allow an attacker with physical access to the system to log into the application using previously stored credentials. IBM X-Force ID: 130914.
nvd
CVE-2017-1540 | MEDIUM | CVSS 5.4 | CWE-79 | ≥ 9.5.0.0, ≤ 9.5.0.7; ≥ 9.5.1.0, ≤ 9.5.1.8; +3 more | 2018-01-26
IBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130808.
nvd
CVE-2017-1516 | MEDIUM | CVSS 5.4 | CWE-20 | ≥ 9.5.0.0, ≤ 9.5.0.7; ≥ 9.5.1.0, ≤ 9.5.1.8; +3 more | 2018-01-26
IBM Doors Web Access 9.5 and 9.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 129826.
nvd