CVE-2023-50304 – IBM Engineering Requirements Management DOORS XML external entity injection
https://notcve.org/view.php?id=CVE-2023-50304
IBM Engineering Requirements Management DOORS Web Access 9.7.2.8 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 273335. IBM Engineering Requisitos Management DOORS Web Access 9.7.2.8 es vulnerable a un ataque de inyección de entidad externa XML (XXE) al procesar datos XML. Un atacante remoto podría aprovechar esta vulnerabilidad para exponer información confidencial o consumir recursos de memoria. • https://exchange.xforce.ibmcloud.com/vulnerabilities/273335 https://www.ibm.com/support/pages/node/7160471 • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2023-28949 – IBM Engineering Requirements Management cross-site request forgery
https://notcve.org/view.php?id=CVE-2023-28949
IBM Engineering Requirements Management DOORS 9.7.2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 251216. IBM Engineering Requisitos Management DOORS 9.7.2.7 es vulnerable a la Cross-Site Request Forgery, lo que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas por un usuario en el que confía el sitio web. ID de IBM X-Force: 251216. • https://exchange.xforce.ibmcloud.com/vulnerabilities/251216 https://www.ibm.com/support/pages/node/7124058 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-50305 – IBM Engineering Requirements Management information disclosure
https://notcve.org/view.php?id=CVE-2023-50305
IBM Engineering Requirements Management DOORS 9.7.2.7 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 273336. IBM Engineering Requisitos Management DOORS 9.7.2.7 no requiere que los usuarios tengan contraseñas seguras de forma predeterminada, lo que facilita que los atacantes comprometan las cuentas de los usuarios. ID de IBM X-Force: 273336. • https://exchange.xforce.ibmcloud.com/vulnerabilities/273336 https://www.ibm.com/support/pages/node/7124058 • CWE-521: Weak Password Requirements •
CVE-2023-28525 – IBM Engineering Requirements Management cross-site scripting
https://notcve.org/view.php?id=CVE-2023-28525
IBM Engineering Requirements Management 9.7.2.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 251052. IBM Engineering Requisitos Management 9.7.2.7 es vulnerable a cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, lo que podría conducir a la divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/251052 https://www.ibm.com/support/pages/node/7124058 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-29844
https://notcve.org/view.php?id=CVE-2021-29844
IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. Los productos IBM Jazz Team Server son vulnerables a un ataque de tipo server-side request forgery (SSRF). Esto puede permitir a un atacante autenticado enviar peticiones no autorizadas desde el sistema, conllevando potencialmente a una enumeración de la red o facilitar otros ataques • https://exchange.xforce.ibmcloud.com/vulnerabilities/205205 https://www.ibm.com/support/pages/node/6508583 • CWE-918: Server-Side Request Forgery (SSRF) •