Security Bulletin: The IBM Engineering Lifecycle Management products using WebSphere Application Server Liberty is affected by a remote code execution vulnerability (CVE-2025-14914)

Summary WebSphere Application Server Liberty 17.0.0.3 - 26.0.0.1 with the restConnector-1.0 or restConnector-2.0 feature enabled is affected by a remote code execution vulnerability. Following IBM® Engineering Lifecycle Management products are vulnerable to this attack, it has been addressed in...

Security Bulletin: The IBM® Engineering Lifecycle Management products using WebSphere Application Server Liberty could provide weaker than expected security (CVE-2025-14923)

Summary IBM WebSphere Application Server Liberty with versions ranging 17.0.0.3 - 26.0.0.2 could provide weaker than expected security when using the Security Utility when administering security settings. Following IBM Engineering Lifecycle Management products are vulnerable to this attack, it ha...

CVE-2025-13734

IBM Engineering Requirements Management DOORS Next 7.1, and 7.2 could allow an authenticated user to view and edit data beyond their authorized access permissions...

CVE-2025-13734

IBM Engineering Requirements Management DOORS Next 7.1, and 7.2 could allow an authenticated user to view and edit data beyond their authorized access permissions...

CVE-2025-13734

IBM Engineering Requirements Management DOORS Next 7.1, and 7.2 could allow an authenticated user to view and edit data beyond their authorized access permissions...

CVE-2025-13734

IBM Engineering Requirements Management DOORS Next 7.1, and 7.2 could allow an authenticated user to view and edit data beyond their authorized access permissions...

CVE-2025-13734

IBM Engineering Requirements Management DOORS Next (versions 7.1 and 7.2) is affected by CVE-2025-13734, which allows an authenticated user to view and edit data beyond their authorized permissions due to missing authorization (CWE-862). Base score 5.4 (CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A...

CVE-2025-13734 IBM Engineering Requirements Management DOORS Next could allow an authenticated user to access and modify data beyond authorized permissions

IBM Engineering Requirements Management DOORS Next 7.1, and 7.2 could allow an authenticated user to view and edit data beyond their authorized access permissions...

EUVD-2025-208251

IBM Engineering Requirements Management DOORS Next 7.1, and 7.2 could allow an authenticated user to view and edit data beyond their authorized access permissions...

PT-2026-22796

Name of the Vulnerable Software and Affected Versions IBM Engineering Requirements Management DOORS Next versions 7.1 and 7.2 Description An authenticated user may be able to view and edit data outside of their authorized permissions. Recommendations Update to a newer version that contains a fix...

IBM Engineering Requirements Management DOORS Next 安全漏洞

IBM Engineering Requirements Management DOORS Next is a scalable solution provided by the American company International Business Machines IBM. This solution can help you capture, track, analyze, and manage systems as well as advanced IT application development. Versions 7.1 and 7.2 of IBM...

Security Bulletin: IBM Engineering Requirements Management DOORS Next could allow an authenticated user to access and modify data beyond authorized permissions (CVE-2025-13734)

Summary IBM Engineering Requirements Management DOORS Next could allow an authenticated user to view and edit data beyond their assigned access permissions. This issue occurs due to insufficient authorization enforcement. An attacker with valid credentials could exploit this vulnerability to gain...

CVE-2025-1826

IBM Engineering Requirements Management DOORS Next IBM Jazz Foundation 7.0.2 to 7.0.2 iFix034, 7.0.3 to 7.0.3 iFix016, and 7.1.0 to 7.1.0 iFix004 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users on the host network to embed arbitrary JavaScript code in t...

Security Bulletin: The IBM® Engineering Lifecycle Management products using WebSphere Application Server and WebSphere Application Server Liberty are affected by SMTP injection due to Jakarta Mail (CVE-2025-7962)

Summary A vulnerability in javaMail-1.5, javaMail-1.6, mail-2.0, or mail-2.1 features affects IBM WebSphere Application Server Liberty 17.0.0.3 - 25.0.0.11 with specific features enabled. Following IBM® Engineering Lifecycle Management products are vulnerable to this attack, and addressed in this...

Security Bulletin: IBM Engineering Requirements Management DOORS Next is vulnerable to Broken Access Control for reviews (CVE-2025-2139) and comments (CVE-2025-2138), email spoofing (CVE-2025-2140) and DoS attacks (CVE-2025-33096)

Summary IBM Engineering Requirements Management DOORS Next is vulnerable to Broken Access Control for reviews CVE-2025-2139 and comments CVE-2025-2138, Unrestricted Email Recipients and Sender Spoofing CVE-2025-2140 and Artifact Upload Quote Parsing Allows DoS Attacks CVE-2025-33096. Vulnerabilit...

IBM Engineering Requirements Management DOORS Next Multiple Vulnerabilities (7247716)

The version of IBM Engineering Requirements Management DOORS Next installed on the remote host is 7.0.2 prior to 7.0.2 ifix 32 or 7.0.3 7.0.3 ifix 10. It is, therefore, affected by multiple vulnerabilities as referenced in the 7247716 advisory. - It is possible for an authenticated user on the...

CVE-2025-2138

IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete comments from other users due to client-side enforcement of server-side security...

CVE-2025-33096

IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user to cause a denial of service by uploading specially crafted files using uncontrolled recursion...

CVE-2025-2140

IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to spoof email identity of the sender due to improper verification of source data...

EUVD-2025-33896

IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to spoof email identity of the sender due to improper verification of source data...