IBM6B4AD5EC9D621C030F4F84CEC927E49F458609CC1EDC5060572F408F54092364Security Bulletin: IBM Engineering Requirements Management DOORS Next is vulnerable to XML External Entity Injection (XEE) (CVE-2023-45192)
8.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
8.3 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
Summary
IBM Engineering Requirements Management DOORS Next is vulnerable to CVE-2023-45192 (potential XML External Entity Injection (XEE) attacks).
Vulnerability Details
CVEID:CVE-2023-45192
**DESCRIPTION:**IBM Engineering Requirements Management DOORS Next is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
CVSS Base score: 8.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268758 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| DOORS Next | 7.0.2 |
| DOORS Next | 7.0.3 |
Remediation/Fixes
IBM strongly recommends addressing the vulnerabilities now by taking the actions documented in this bulletin.
For IBM Engineering Requirements Management DOORS Next 7.0.2, install ifix 29 or newer.
For IBM Engineering Requirements Management DOORS Next 7.0.3, install ifix 1 or newer.
Workarounds and Mitigations
None
Affected configurations
Related
8.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
8.3 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%