Lucene search
K

31 matches found

CVE
CVE
added 2026/03/03 7:51 p.m.20 views

CVE-2025-13734

IBM Engineering Requirements Management DOORS Next (versions 7.1 and 7.2) contains an access-control flaw (CWE-862) that could allow an authenticated user to view and edit data beyond their authorized permissions. The issue arises from insufficient authorization enforcement and has a CVSS v3.1 ba...

5.4CVSS5.9AI score0.00144EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/10/12 1:37 p.m.8 views

CVE-2025-2138 IBM Engineering Requirements Management Doors Next data modification

IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete comments from other users due to client-side enforcement of server-side security...

3.5CVSS0.0017EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/07/07 5:45 p.m.10 views

CVE-2024-43190 IBM Engineering Requirements Management DOORS weak authentication

IBM Engineering Requirements Management DOORS 9.7.2.9, under certain configurations, could allow a remote attacker to obtain password reset instructions of a legitimate user using man in the middle techniques...

5.9CVSS0.00299EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 4:0 a.m.20 views

Security Bulletin: IBM Engineering Requirements Management DOORS Next is vulnerable to Reflected File Download (CVE-2024-43169)

Summary IBM Engineering Requirements Management DOORS Next is vulnerable to Reflected File Download CVE-2024-43169. Vulnerability Details CVEID:CVE-2024-43169 DESCRIPTION: IBM Engineering Requirements Management DOORS Next could allow a user to download a malicious file without verifying the...

8.8CVSS7.7AI score0.00177EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/03 1:31 p.m.7 views

Security Bulletin: IBM Engineering Requirements Management DOORS Next is vulnerable to Temporary File Download (CVE-2024-41771) and Archive File Download (CVE-2024-41770)

Summary IBM Engineering Requirements Management DOORS Next is vulnerable to Temporary File Download CVE-2024-41771 and Archive File Download CVE-2024-41770. Vulnerability Details CVEID:CVE-2024-41770 DESCRIPTION: IBM Engineering Requirements Management DOORS Next could allow a remote attacker to...

7.5CVSS6.7AI score0.00442EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/23 3:59 p.m.24 views

Security Bulletin: Multiple Oracle Outside In Technology vulnerabilities in IBM Engineering Requirements Management DOORS Next

Summary Multiple security vulnerabilities in Oracle Outside In Technology affect IBM Engineering Requirements Management DOORS Next. Vulnerability Details CVEID:CVE-2024-21117 DESCRIPTION: An unspecified vulnerability in Oracle Outside In Technology related to the Outside In Core component could...

6.3CVSS5.9AI score0.00367EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/16 6:50 p.m.38 views

Security Bulletin: IBM License Key Server Administration and Reporting Tool, and its Agent is vulnerable to Password Exposure via UI inspection

Summary A vulnerability in IBM License Key Server Administration and Reporting Tool, and Agent allowed users' stored passwords to be exposed through the browser's console. This issue could potentially lead to unauthorized access to user accounts if an attacker gained access to the logged-in user'...

6.5CVSS5.5AI score0.00262EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/09 4:51 a.m.19 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering product using the -Xgc:concurrentScavenge option on IBM Z is vulnerable to Buffer overflow in GC

Summary CVE-2024-3933 affects IBM SDK, Java Technology Edition. An update has been released to address the vulnerability. Following IBM® Engineering Lifecycle Engineering product is vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Test Management, IBM Jazz...

7.3CVSS5.6AI score0.00207EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/13 7:37 a.m.30 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to a denial of service (CVE-2024-25026)

Summary IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. The following IBM®...

7.5CVSS6.3AI score0.00792EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/20 6:38 a.m.61 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM WebSphere Application Server Liberty is vulnerable to a denial of service (CVE-2023-44487)

Summary IBM WebSphere Application Server Liberty is vulnerable to a denial of service with the servlet-3.1, servlet-4.0, servlet-5.0, or servlet-6.0 feature with the HTTP/2 protocol enabled. Following IBM® Engineering Lifecycle Engineering product is vulnerable to this attack, it has been address...

7.5CVSS8AI score0.99999EPSS
Exploits19Affected Software1
CNVD
CNVD
added 2024/03/05 12:0 a.m.6 views

IBM Engineering Requirements Management DOORS Cross-Site Request Forgery Vulnerability

IBM Engineering Requirements Management DOORS is a requirements management tool. IBM Engineering Requirements Management DOORS suffers from a cross-site request forgery vulnerability that can be exploited by an attacker to perform malicious and unauthorized actions from a user trusted by the site...

6.5CVSS6.4AI score0.00247EPSS
Exploits0References1
Prion
Prion
added 2024/03/01 2:15 a.m.33 views

Design/Logic Flaw

IBM Engineering Requirements Management DOORS 9.7.2.7 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 273336...

1.2CVSS6AI score0.00201EPSS
Exploits0References2Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/21 12:39 p.m.44 views

Security Bulletin: Multiple Oracle Outside In Technology vulnerabilities in IBM Engineering Requirements Management DOORS Next

Summary Multiple security vulnerabilities in Oracle Outside In Technology affect IBM Engineering Requirements Management DOORS Next. Vulnerability Details CVEID:CVE-2021-35573 DESCRIPTION: An unspecified vulnerability in Oracle Outside In Technology related to the Outside In Filters component cou...

7.5CVSS7.9AI score0.0198EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/12 5:48 a.m.45 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM SDK, Java Technology Edition Quarterly CPU - Oct 2023 - Includes Oracle October 2023 CPU plus are vulnerable to CVE-2023-5676

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed i...

5.9CVSS5.9AI score0.00406EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/09 9:46 a.m.22 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server Liberty is vulnerable to Identity Spoofing (CVE-2022-22476)

Summary IBM WebSphere Application Server Liberty and Open Liberty are vulnerable to identity spoofing by an authenticated user using a specially crafted request. This affects The IBM® Engineering Lifecycle Engineering product using WebSphere Application Server Liberty versions 22.0.0.7 and prior,...

8.8CVSS6.5AI score0.0077EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/24 12:51 p.m.23 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server Liberty is vulnerable to a privilege escalation - CVE-2023-0482

Summary IBM WebSphere Application Server Liberty is vulnerable to a privilege escalation due to RESTEasy. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: Jazz Foundation, IBM Engineering Workflow Management, IBM...

5.5CVSS5.8AI score0.00819EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/14 10:36 a.m.34 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM Java XML vulnerability CVE-2022-21426, deferred from Oracle Apr 2022 CPU - CVE-2022-21426

Summary A flaw in the XML component may lead to excessive memory consumption when compiling certain XPath expressions, which may in turn allow an attacker to inflict a denial-of-service. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed...

5.3CVSS6.6AI score0.03203EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/14 10:36 a.m.38 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering product using WebSphere Application Server Liberty is vulnerable to server-side request forgery due to Apache CXF - CVE-2022-46364

Summary IBM WebSphere Application Server Liberty is vulnerable to server-side request forgery due to Apache CXF. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: Jazz Foundation, IBM Engineering Workflow Management, I...

9.8CVSS9.5AI score0.0193EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/27 5:53 a.m.19 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using WebSphere Application Server Liberty are vulnerable to denial of service due to Google protobuf-java

Summary There is a vulnerability in the Google protobuf-java library used by IBM WebSphere Application Server Liberty with the grpc-1.0 or grpcClient-1.0 feature enabled. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulleti...

6.8AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/23 10:36 a.m.55 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM WebSphere Application Server Liberty are vulnerable to HTTP header injection (CVE-2022-34165)

Summary IBM WebSphere Application Server Liberty is vulnerable to HTTP header injection when processing web requests. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: Global Configuration Management, IBM Engineering...

5.4CVSS5.9AI score0.00458EPSS
Exploits0Affected Software1
Rows per page
Query Builder