31 matches found
CVE-2025-13734
IBM Engineering Requirements Management DOORS Next (versions 7.1 and 7.2) contains an access-control flaw (CWE-862) that could allow an authenticated user to view and edit data beyond their authorized permissions. The issue arises from insufficient authorization enforcement and has a CVSS v3.1 ba...
CVE-2025-2138 IBM Engineering Requirements Management Doors Next data modification
IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete comments from other users due to client-side enforcement of server-side security...
CVE-2024-43190 IBM Engineering Requirements Management DOORS weak authentication
IBM Engineering Requirements Management DOORS 9.7.2.9, under certain configurations, could allow a remote attacker to obtain password reset instructions of a legitimate user using man in the middle techniques...
Security Bulletin: IBM Engineering Requirements Management DOORS Next is vulnerable to Reflected File Download (CVE-2024-43169)
Summary IBM Engineering Requirements Management DOORS Next is vulnerable to Reflected File Download CVE-2024-43169. Vulnerability Details CVEID:CVE-2024-43169 DESCRIPTION: IBM Engineering Requirements Management DOORS Next could allow a user to download a malicious file without verifying the...
Security Bulletin: IBM Engineering Requirements Management DOORS Next is vulnerable to Temporary File Download (CVE-2024-41771) and Archive File Download (CVE-2024-41770)
Summary IBM Engineering Requirements Management DOORS Next is vulnerable to Temporary File Download CVE-2024-41771 and Archive File Download CVE-2024-41770. Vulnerability Details CVEID:CVE-2024-41770 DESCRIPTION: IBM Engineering Requirements Management DOORS Next could allow a remote attacker to...
Security Bulletin: Multiple Oracle Outside In Technology vulnerabilities in IBM Engineering Requirements Management DOORS Next
Summary Multiple security vulnerabilities in Oracle Outside In Technology affect IBM Engineering Requirements Management DOORS Next. Vulnerability Details CVEID:CVE-2024-21117 DESCRIPTION: An unspecified vulnerability in Oracle Outside In Technology related to the Outside In Core component could...
Security Bulletin: IBM License Key Server Administration and Reporting Tool, and its Agent is vulnerable to Password Exposure via UI inspection
Summary A vulnerability in IBM License Key Server Administration and Reporting Tool, and Agent allowed users' stored passwords to be exposed through the browser's console. This issue could potentially lead to unauthorized access to user accounts if an attacker gained access to the logged-in user'...
Security Bulletin: The IBM® Engineering Lifecycle Engineering product using the -Xgc:concurrentScavenge option on IBM Z is vulnerable to Buffer overflow in GC
Summary CVE-2024-3933 affects IBM SDK, Java Technology Edition. An update has been released to address the vulnerability. Following IBM® Engineering Lifecycle Engineering product is vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Test Management, IBM Jazz...
Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to a denial of service (CVE-2024-25026)
Summary IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. The following IBM®...
Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM WebSphere Application Server Liberty is vulnerable to a denial of service (CVE-2023-44487)
Summary IBM WebSphere Application Server Liberty is vulnerable to a denial of service with the servlet-3.1, servlet-4.0, servlet-5.0, or servlet-6.0 feature with the HTTP/2 protocol enabled. Following IBM® Engineering Lifecycle Engineering product is vulnerable to this attack, it has been address...
IBM Engineering Requirements Management DOORS Cross-Site Request Forgery Vulnerability
IBM Engineering Requirements Management DOORS is a requirements management tool. IBM Engineering Requirements Management DOORS suffers from a cross-site request forgery vulnerability that can be exploited by an attacker to perform malicious and unauthorized actions from a user trusted by the site...
Design/Logic Flaw
IBM Engineering Requirements Management DOORS 9.7.2.7 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 273336...
Security Bulletin: Multiple Oracle Outside In Technology vulnerabilities in IBM Engineering Requirements Management DOORS Next
Summary Multiple security vulnerabilities in Oracle Outside In Technology affect IBM Engineering Requirements Management DOORS Next. Vulnerability Details CVEID:CVE-2021-35573 DESCRIPTION: An unspecified vulnerability in Oracle Outside In Technology related to the Outside In Filters component cou...
Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM SDK, Java Technology Edition Quarterly CPU - Oct 2023 - Includes Oracle October 2023 CPU plus are vulnerable to CVE-2023-5676
Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed i...
Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server Liberty is vulnerable to Identity Spoofing (CVE-2022-22476)
Summary IBM WebSphere Application Server Liberty and Open Liberty are vulnerable to identity spoofing by an authenticated user using a specially crafted request. This affects The IBM® Engineering Lifecycle Engineering product using WebSphere Application Server Liberty versions 22.0.0.7 and prior,...
Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server Liberty is vulnerable to a privilege escalation - CVE-2023-0482
Summary IBM WebSphere Application Server Liberty is vulnerable to a privilege escalation due to RESTEasy. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: Jazz Foundation, IBM Engineering Workflow Management, IBM...
Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM Java XML vulnerability CVE-2022-21426, deferred from Oracle Apr 2022 CPU - CVE-2022-21426
Summary A flaw in the XML component may lead to excessive memory consumption when compiling certain XPath expressions, which may in turn allow an attacker to inflict a denial-of-service. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed...
Security Bulletin: The IBM® Engineering Lifecycle Engineering product using WebSphere Application Server Liberty is vulnerable to server-side request forgery due to Apache CXF - CVE-2022-46364
Summary IBM WebSphere Application Server Liberty is vulnerable to server-side request forgery due to Apache CXF. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: Jazz Foundation, IBM Engineering Workflow Management, I...
Security Bulletin: The IBM® Engineering Lifecycle Engineering products using WebSphere Application Server Liberty are vulnerable to denial of service due to Google protobuf-java
Summary There is a vulnerability in the Google protobuf-java library used by IBM WebSphere Application Server Liberty with the grpc-1.0 or grpcClient-1.0 feature enabled. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulleti...
Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM WebSphere Application Server Liberty are vulnerable to HTTP header injection (CVE-2022-34165)
Summary IBM WebSphere Application Server Liberty is vulnerable to HTTP header injection when processing web requests. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: Global Configuration Management, IBM Engineering...