
CVE-2024-43190 – IBM Engineering Requirements Management DOORS weak authentication
https://notcve.org/view.php?id=CVE-2024-43190
07 Jul 2025 — IBM Engineering Requirements Management DOORS 9.7.2.9, under certain configurations, could allow a remote attacker to obtain password reset instructions of a legitimate user using man in the middle techniques. • https://www.ibm.com/support/pages/node/7238992 • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •

CVE-2024-41771 – IBM Engineering Requirements Management DOORS Next information disclosure
https://notcve.org/view.php?id=CVE-2024-41771
03 Mar 2025 — IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information. • https://www.ibm.com/support/pages/node/7184663 • CWE-522: Insufficiently Protected Credentials •

CVE-2024-41770 – IBM Engineering Requirements Management DOORS Next information disclosure
https://notcve.org/view.php?id=CVE-2024-41770
03 Mar 2025 — IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information. • https://www.ibm.com/support/pages/node/7184663 • CWE-522: Insufficiently Protected Credentials •

CVE-2024-43169 – IBM Engineering Requirements Management DOORS Next file download
https://notcve.org/view.php?id=CVE-2024-43169
03 Mar 2025 — IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a user to download a malicious file without verifying the integrity of the code. • https://www.ibm.com/support/pages/node/7184506 • CWE-494: Download of Code Without Integrity Check •

CVE-2024-41787 – IBM Engineering Requirements Management DOORS Next code execution
https://notcve.org/view.php?id=CVE-2024-41787
10 Jan 2025 — IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition. By sending a specially crafted request, an attacker could exploit this vulnerability to remotely execute code. • https://www.ibm.com/support/pages/node/7180636 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •

CVE-2023-50304 – IBM Engineering Requirements Management DOORS XML external entity injection
https://notcve.org/view.php?id=CVE-2023-50304
18 Jul 2024 — IBM Engineering Requirements Management DOORS Web Access 9.7.2.8 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 273335. • https://exchange.xforce.ibmcloud.com/vulnerabilities/273335 • CWE-611: Improper Restriction of XML External Entity Reference •

CVE-2023-45192 – IBM Engineering Requirements Management DOORS Next XML external entity injection
https://notcve.org/view.php?id=CVE-2023-45192
06 Jun 2024 — IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 268758. • https://exchange.xforce.ibmcloud.com/vulnerabilities/268758 • CWE-611: Improper Restriction of XML External Entity Reference •

CVE-2023-28949 – IBM Engineering Requirements Management cross-site request forgery
https://notcve.org/view.php?id=CVE-2023-28949
01 Mar 2024 — IBM Engineering Requirements Management DOORS 9.7.2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 251216. • https://exchange.xforce.ibmcloud.com/vulnerabilities/251216 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2023-50305 – IBM Engineering Requirements Management information disclosure
https://notcve.org/view.php?id=CVE-2023-50305
01 Mar 2024 — IBM Engineering Requirements Management DOORS 9.7.2.7 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 273336. • https://exchange.xforce.ibmcloud.com/vulnerabilities/273336 • CWE-521: Weak Password Requirements •

CVE-2023-28525 – IBM Engineering Requirements Management cross-site scripting
https://notcve.org/view.php?id=CVE-2023-28525
01 Mar 2024 — IBM Engineering Requirements Management 9.7.2.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 251052. • https://exchange.xforce.ibmcloud.com/vulnerabilities/251052 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •