8.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
8.3 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
IBM Engineering Requirements Management DOORS Next is vulnerable to CVE-2023-45192 (potential XML External Entity Injection (XEE) attacks).
CVEID:CVE-2023-45192
**DESCRIPTION:**IBM Engineering Requirements Management DOORS Next is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
CVSS Base score: 8.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268758 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L)
Affected Product(s) | Version(s) |
---|---|
DOORS Next | 7.0.2 |
DOORS Next | 7.0.3 |
IBM strongly recommends addressing the vulnerabilities now by taking the actions documented in this bulletin.
For IBM Engineering Requirements Management DOORS Next 7.0.2, install ifix 29 or newer.
For IBM Engineering Requirements Management DOORS Next 7.0.3, install ifix 1 or newer.
None
8.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
8.3 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%