48 matches found
Security Bulletin: IBM Engineering Requirements Management DOORS Next is vulnerable to Broken Access Control for reviews (CVE-2025-2139) and comments (CVE-2025-2138), email spoofing (CVE-2025-2140) and DoS attacks (CVE-2025-33096)
Summary IBM Engineering Requirements Management DOORS Next is vulnerable to Broken Access Control for reviews CVE-2025-2139 and comments CVE-2025-2138, Unrestricted Email Recipients and Sender Spoofing CVE-2025-2140 and Artifact Upload Quote Parsing Allows DoS Attacks CVE-2025-33096. Vulnerabilit...
CVE-2025-2138
IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete comments from other users due to client-side enforcement of server-side security...
CVE-2025-2140
IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to spoof email identity of the sender due to improper verification of source data...
EUVD-2025-33895
IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user to cause a denial of service by uploading specially crafted files using uncontrolled recursion...
EUVD-2025-33893
IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete comments from other users due to client-side enforcement of server-side security...
CVE-2025-2139
IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete reviews from other users due to client-side enforcement of server-side security...
CVE-2025-33096
IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user to cause a denial of service by uploading specially crafted files using uncontrolled recursion...
CVE-2025-2138
IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete comments from other users due to client-side enforcement of server-side security...
CVE-2025-2140
IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to spoof email identity of the sender due to improper verification of source data...
CVE-2025-2138 IBM Engineering Requirements Management Doors Next data modification
IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete comments from other users due to client-side enforcement of server-side security...
CVE-2025-2139 IBM Engineering Requirements Management Doors Next security bypass
IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete reviews from other users due to client-side enforcement of server-side security...
CVE-2025-2140 IBM Engineering Requirements Management Doors Next spoofing
IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to spoof email identity of the sender due to improper verification of source data...
CVE-2025-33096 IBM Engineering Requirements Management Doors Next denial of service
IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user to cause a denial of service by uploading specially crafted files using uncontrolled recursion...
CVE-2025-33096
IBM Engineering Requirements Management DOORS Next versions 7.0.2, 7.0.3, and 7.1 are affected by CVE-2025-33096 due to an uncontrolled recursion when uploading specially crafted files, allowing an authenticated user on the network to cause a denial of service. The associated IBM Security Bulleti...
CVE-2025-1826
IBM Engineering Requirements Management DOORS Next IBM Jazz Foundation 7.0.2 to 7.0.2 iFix034, 7.0.3 to 7.0.3 iFix016, and 7.1.0 to 7.1.0 iFix004 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users on the host network to embed arbitrary JavaScript code in t...
CVE-2025-1826
IBM Engineering Requirements Management DOORS Next IBM Jazz Foundation 7.0.2 to 7.0.2 iFix034, 7.0.3 to 7.0.3 iFix016, and 7.1.0 to 7.1.0 iFix004 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users on the host network to embed arbitrary JavaScript code in t...
EUVD-2017-10294
Malware in sbrugna...
EUVD-2017-10694
Malware in sbrugna...
EUVD-2017-10704
Malware in sbrugna...
EUVD-2018-12492
Malware in sbrugna...