IBM Engineering Requirements Management DOORS Next vulnerabilities

23 known vulnerabilities affecting ibm/engineering_requirements_management_doors_next.

Total CVEs: 23
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 5, MEDIUM 16, LOW 2

Vulnerabilities

Page 1 of 2
CVE-2025-13734 | MEDIUM | CVSS 5.4 | v7.1, v7.2, +2 more | 2026-03-03
CVE-2025-13734 [MEDIUM] CWE-862: IBM Engineering Requirements Management DOORS Next 7.1, and 7.2 could allow an authenticated user to view and edit data beyond their authorized access permissions.
cvelistv5, nvd
CVE-2025-33096 | MEDIUM | CVSS 6.5 | v7.0.2, v7.0.3, +1 more | 2025-10-12
CVE-2025-33096 [MEDIUM] CWE-674: IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user to cause a denial of service by uploading specially crafted files using uncontrolled recursion.
cvelistv5, nvd
CVE-2025-2140 | MEDIUM | CVSS 5.7 | v7.0.2, v7.0.3, +1 more | 2025-10-12
CVE-2025-2140 [MEDIUM] CWE-346: IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to spoof email identity of the sender due to improper verification of source data.
cvelistv5, nvd
CVE-2025-2139 | LOW | CVSS 3.5 | v7.0.2, v7.0.3, +1 more | 2025-10-12
CVE-2025-2139 [LOW] CWE-602: IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete reviews from other users due to client-side enforcement of server-side security.
cvelistv5, nvd
CVE-2025-2138 | LOW | CVSS 3.5 | v7.0.2, v7.0.3, +1 more | 2025-10-12
CVE-2025-2138 [LOW] CWE-602: IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete comments from other users due to client-side enforcement of server-side security.
cvelistv5, nvd
CVE-2024-41770 | HIGH | CVSS 7.5 | v7.0.2, v7.0.3, +1 more | 2025-03-03
CVE-2024-41770 [HIGH] CWE-522: IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information.
cvelistv5, nvd
CVE-2024-41771 | HIGH | CVSS 7.5 | v7.0.2, v7.0.3, +1 more | 2025-03-03
CVE-2024-41771 [HIGH] CWE-522: IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information.
cvelistv5, nvd
CVE-2024-43169 | MEDIUM | CVSS 6.5 | v7.0.2, v7.0.3, +1 more | 2025-03-03
CVE-2024-43169 [MEDIUM] CWE-494: IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a user to download a malicious file without verifying the integrity of the code.
cvelistv5, nvd
CVE-2024-41787 | HIGH | CVSS 8.1 | v7.0.2, 7.0.3 | 2025-01-10
CVE-2024-41787 [HIGH] CWE-367: IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition. By sending a specially crafted request, an attacker could exploit this vulnerability to remotely execute code.
cvelistv5, nvd
CVE-2023-45192 | HIGH | CVSS 8.2 | v7.0.2, 7.0.3 | 2024-06-06
CVE-2023-45192 [HIGH] CWE-611: IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 268758.
cvelistv5, nvd
CVE-2020-4965 | HIGH | CVSS 7.5 | v6.0.2, v6.0.6, +1 more | 2021-04-12
CVE-2020-4965 [HIGH] CWE-327: IBM Jazz Team Server products use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192422.
nvd
CVE-2021-20519 | MEDIUM | CVSS 5.4 | v6.0.2, v6.0.6, +1 more | 2021-04-12
CVE-2021-20519 [MEDIUM] CWE-79: IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198441.
nvd
CVE-2020-4920 | MEDIUM | CVSS 5.4 | v6.0.2, v6.0.6, +1 more | 2021-04-12
CVE-2020-4920 [MEDIUM] CWE-79: IBM Jazz Team Server products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191396.
nvd
CVE-2020-4964 | MEDIUM | CVSS 4.3 | v6.0.2, v6.0.6, +1 more | 2021-04-12
CVE-2020-4964 [MEDIUM]: IBM Jazz Team Server products contain an undisclosed vulnerability that could allow an authenticated user to present a customized message on the application which could be used to phish other users. IBM X-Force ID: 192419.
nvd
CVE-2021-20357 | MEDIUM | CVSS 5.4 | v6.0.2, v6.0.6, +2 more | 2021-01-27
CVE-2021-20357 [MEDIUM] CWE-79: IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194963.
nvd
CVE-2020-4524 | MEDIUM | CVSS 5.4 | v6.0.2, v6.0.6, +2 more | 2021-01-27
CVE-2020-4524 [MEDIUM] CWE-79: IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182434.
nvd
CVE-2020-4865 | MEDIUM | CVSS 5.4 | v6.0.2, v6.0.6, +2 more | 2021-01-27
CVE-2020-4865 [MEDIUM] CWE-79: IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190741.
nvd
CVE-2020-4547 | MEDIUM | CVSS 5.4 | v6.0.2, v6.0.6, +2 more | 2021-01-27
CVE-2020-4547 [MEDIUM] CWE-1021: IBM Jazz Foundation products could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 183315.
nvd
CVE-2020-4855 | MEDIUM | CVSS 5.4 | v6.0.2, v6.0.6, +2 more | 2021-01-27
CVE-2020-4855 [MEDIUM] CWE-79: IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190457.
nvd
CVE-2020-4445 | MEDIUM | CVSS 5.4 | v7.0.1 | 2020-09-02
CVE-2020-4445 [MEDIUM] CWE-79: IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 181122.
nvd