IBM Engineering Requirements Management DOORS Web Access vulnerabilities
5 known vulnerabilities affecting ibm/engineering_requirements_management_doors_web_access.
Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 4
Vulnerabilities
CVE-2024-43190 | MEDIUM | CVSS 5.9 | CWE-640 | ≥ 9.6, ≤ 9.6.1.13 | v9.7.2.9 | 2025-07-07
IBM Engineering Requirements Management DOORS 9.7.2.9, under certain configurations, could allow a remote attacker to obtain password reset instructions of a legitimate user using man in the middle techniques.
nvd
CVE-2023-50304 | HIGH | CVSS 8.2 | CWE-611 | v9.7.2.8 | 2024-07-18
IBM Engineering Requirements Management DOORS Web Access 9.7.2.8 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 273335.
nvd
CVE-2023-50305 | MEDIUM | CVSS 5.1 | CWE-521 | v9.7.2.7 | 2024-03-01
IBM Engineering Requirements Management DOORS 9.7.2.7 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 273336.
nvd
CVE-2023-28525 | MEDIUM | CVSS 4.8 | CWE-79 | v9.7.2.7 | 2024-03-01
IBM Engineering Requirements Management 9.7.2.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 251052.
nvd
CVE-2023-28949 | MEDIUM | CVSS 6.5 | CWE-352 | v9.7.2.7 | 2024-03-01
IBM Engineering Requirements Management DOORS 9.7.2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 251216.
nvd