91 matches found
Security Bulletin: IBM Engineering Requirements Management DOORS and DOORS Web Access is affected by multiple vulnerabilities
Summary: This release addresses multiple security vulnerabilities across various components of the IBM Engineering Requirements Management DOORS and DOORS Web Access products. Many vulnerabilities are rated Critical (CVSS ≥ 9.0), including a Tomcat rewrite rule bypass (CVE-2025-31651), Tomcat Improper...
CVE-2025-13734 IBM Engineering Requirements Management DOORS Next could allow an authenticated user to access and modify data beyond authorized permissions
IBM Engineering Requirements Management DOORS Next 7.1 and 7.2 could allow an authenticated user to view and edit data beyond their authorized access permissions...
CVE-2025-13734
IBM Engineering Requirements Management DOORS Next (versions 7.1 and 7.2) is affected by CVE-2025-13734, which allows an authenticated user to view and edit data beyond their authorized permissions due to missing authorization (CWE-862). Base score 5.4 (CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A...
CVE-2023-45192
IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 268758...
Security Bulletin: The IBM® Engineering Lifecycle Management products using WebSphere Application Server and WebSphere Application Server Liberty are affected by SMTP injection due to Jakarta Mail (CVE-2025-7962)
Summary: A vulnerability in the javaMail-1.5, javaMail-1.6, mail-2.0, or mail-2.1 features affects IBM WebSphere Application Server Liberty 17.0.0.3 - 25.0.0.11 with specific features enabled. The following IBM® Engineering Lifecycle Management products are vulnerable to this attack, and addressed in this...
EUVD-2025-33896
IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to spoof email identity of the sender due to improper verification of source data...
CVE-2025-2139 IBM Engineering Requirements Management Doors Next security bypass
IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete reviews from other users due to client-side enforcement of server-side security...
CVE-2025-2140
CVE-2025-2140 affects IBM Engineering Requirements Management DOORS Next versions 7.0.2, 7.0.3, and 7.1. An authenticated network user could spoof the sender email identity due to improper verification of source data. The vulnerability has a CVSS v3.1 base score of 5.7 (I(H), A(N), C(N)) with imp...
IBM Engineering Requirements Management DOORS Next Security Vulnerability
IBM Engineering Requirements Management DOORS Next is a scalable solution from International Business Machines (IBM). The solution helps you capture, track, analyze, and manage systems and advanced IT application development. A security vulnerability exists in IBM Engineering Requirements Managemen...
IBM Engineering Requirements Management DOORS Next Security Vulnerability
IBM Engineering Requirements Management DOORS Next is a scalable solution from International Business Machines (IBM). The solution helps you capture, track, analyze, and manage systems and advanced IT application development. A security vulnerability exists in IBM Engineering Requirements Managemen...
EUVD-2025-5585
Malicious code in bioql PyPI...
EUVD-2025-5586
Malicious code in bioql PyPI...
EUVD-2024-54752
Malicious code in bioql PyPI...
EUVD-2023-32567
Malicious code in bioql PyPI...
Security Bulletin: The IBM® Engineering Lifecycle Management products using WebSphere Application Server Liberty is affected by a denial of service due to Apache Commons FileUpload (CVE-2025-48976)
Summary: There is a vulnerability in Apache Commons FileUpload which affects IBM WebSphere Application Server traditional and affects IBM WebSphere Application Server Liberty with the servlet-3.0, servlet-3.1, servlet-4.0, servlet-5.0 or servlet-6.0 feature enabled. The following IBM® Engineering...
IBM Engineering Requirements Management DOORS 9.7.2.9 < 9.7.2.10 Multiple Vulnerabilities (7238992)
The version of IBM Engineering Requirements Management DOORS (formerly IBM Rational DOORS) installed on the remote host is 9.7.2.9 prior to 9.7.2.10. It is, therefore, affected by multiple vulnerabilities as referenced in the 7238992 advisory. - CKEditor4 is an open source WYSIWYG HTML editor. In...
CVE-2024-43190
IBM Engineering Requirements Management DOORS 9.7.2.9, under certain configurations, could allow a remote attacker to obtain password reset instructions of a legitimate user using man in the middle techniques...
CVE-2024-43190 IBM Engineering Requirements Management DOORS weak authentication
IBM Engineering Requirements Management DOORS 9.7.2.9, under certain configurations, could allow a remote attacker to obtain password reset instructions of a legitimate user using man in the middle techniques...
IBM Engineering Requirements Management DOORS Authorization Issue Vulnerability
IBM Engineering Requirements Management DOORS is a requirements management tool from International Business Machines (IBM). An authorization issue vulnerability exists in IBM Engineering Requirements Management DOORS version 9.7.2.9, which stems from a misconfiguration that could lead to a...