Security Bulletin: Multiple Oracle Outside In Technology vulnerabilities in IBM Engineering Requirements Management DOORS Next

Summary

Multiple security vulnerabilities in Oracle Outside In Technology affect IBM Engineering Requirements Management DOORS Next.

Vulnerability Details

CVEID:CVE-2024-21117
**DESCRIPTION:**An unspecified vulnerability in Oracle Outside In Technology related to the Outside In Core component could allow a local authenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/287919 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)

CVEID:CVE-2024-21119
**DESCRIPTION:**An unspecified vulnerability in Oracle Outside In Technology related to the Outside In Core component could allow a local authenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/287917 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)

CVEID:CVE-2024-21120
**DESCRIPTION:**An unspecified vulnerability in Oracle Outside In Technology related to the Outside In Core component could allow a local authenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/287916 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)

CVEID:CVE-2023-22127
**DESCRIPTION:**An unspecified vulnerability in Oracle Outside In Technology related to the Content Access SDK, Image Export SDK, PDF Export SDK, HTML Export SDK components could allow a remote authenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact.
CVSS Base score: 6.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268805 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)

CVEID:CVE-2024-21118
**DESCRIPTION:**An unspecified vulnerability in Oracle Outside In Technology related to the Outside In Core component could allow a local authenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/287918 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)

CVEID:CVE-2024-20930
**DESCRIPTION:**An unspecified vulnerability in Oracle Outside In Technology related to the Content Access SDK, Image Export SDK, PDF Export SDK, HTML Export SDK component could allow a remote authenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact.
CVSS Base score: 6.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/279751 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

Remediation/Fixes

For IBM Engineering Requirements Management DOORS Next 7.0.2, a fix is available by upgrading to 7.0.2 iFix030 or later.

For IBM Engineering Requirements Management DOORS Next 7.0.3, a fix is available by upgrading to 7.0.2 iFix007 or later.

For any prior versions of the products listed above, IBM recommends upgrading to a fixed, supported version/release/platform of the product.

If the iFix is not found in the iFix Portal please contact IBM support.

Workarounds and Mitigations

None