21 matches found
CVE-2024-43169
CVE-2024-43169 affects IBM Engineering Requirements Management DOORS Next versions 7.0.2, 7.0.3, and 7.1. The IBM security bulletin identifies the vulnerability as a Reflected File Download where a user could download a malicious file without verifying code integrity. The IBM CVSS context lists a...
CVE-2020-4445
CVE-2020-4445 affects IBM Jazz Team Server based applications with a cross-site scripting vulnerability in the WEB UI. The issue enables embedding arbitrary JavaScript in the Web UI, potentially leading to credential disclosure within a trusted session. The vulnerability is identified across mult...
CVE-2024-41770
CVE-2024-41770 affects IBM Engineering Requirements Management DOORS Next versions 7.0.2, 7.0.3, and 7.1. A remote attacker could download temporary files, potentially exposing application logic or sensitive information. The official IBM advisory/developers note remediation by applying ifix updat...
CVE-2021-20357
CVE-2021-20357 affects IBM Jazz Foundation products with a cross-site scripting vulnerability in the Web UI that could allow an attacker to embed arbitrary JavaScript and, in a trusted session, potentially disclose credentials. Connected sources corroborate a Web UI XSS across multiple IBM Jazz/F...
CVE-2020-4522
IBM Jazz Team Server based Applications are affected by a cross-site scripting vulnerability (CVE-2020-4522) in the Web UI, potentially enabling an attacker to inject arbitrary JavaScript and cause credentials disclosure within a trusted session. Affected products include IBM Engineering DOORS Ne...
CVE-2021-20519
CVE-2021-20519 affects IBM Jazz Team Server products with a cross-site scripting flaw in the Web UI that can allow attackers to embed arbitrary JavaScript and potentially disclose credentials in a trusted session. Public details consistently describe the impact as UI manipulation and credential e...
CVE-2020-4865
CVE-2020-4865 is a cross-site scripting vulnerability in IBM Jazz Foundation products (notably IBM Engineering Workflow Management and related IBM Jazz Team Server components) where attackers could inject arbitrary JavaScript into the Web UI, potentially leaking credentials within a trusted sessi...
CVE-2024-41771
CVE-2024-41771 affects IBM Engineering Requirements Management DOORS Next versions 7.0.2, 7.0.3, and 7.1. A remote attacker could download temporary files, potentially exposing application logic or other sensitive information. The connected Red Hat/NVD/Nessus entries corroborate the same descript...
CVE-2020-4920
CVE-2020-4920 affects IBM Jazz Team Server. Public details in connected CNVD/NVD entries describe a stored cross-site scripting vulnerability in the Jazz Team Server Web UI that can lead to credential disclosure within a trusted session. Remediation in the IBM bulletin section recommends upgradin...
CVE-2020-4965
CVE-2020-4965 affects IBM Jazz Team Server / Jazz Foundation (IBM Engineering Lifecycle Management). The vulnerability stems from weaker-than-expected cryptographic algorithms that could allow decrypting highly sensitive information. Public scoring varies: CVSSv3.1 base 7.5 (Network, High impact ...
CVE-2020-4855
The CVE-2020-4855 issue affects IBM Jazz Foundation products and is a cross-site scripting vulnerability in the Web UI that could enable an attacker to inject arbitrary JavaScript and potentially disclose credentials in a trusted session. Affected components include IBM Jazz Team Server family (E...
CVE-2020-4524
CVE-2020-4524 concerns an IBM Jazz Foundation cross-site scripting vulnerability in the Web UI that can allow embedding arbitrary JavaScript and potentially disclose credentials within a trusted session. The issue affects IBM Jazz Foundation family products (and related IBM ELM/RTC/RM components)...
CVE-2020-4964
CVE-2020-4964 affects IBM Jazz Team Server and related IBM Engineering Lifecycle Management components. The vulnerability is described as an undisclosed issue allowing an authenticated user to display a customized message within the application to phish other users. Public details from IBM’s bull...
CVE-2020-4546
CVE-2020-4546 is an XSS vulnerability in IBM Jazz Team Server Web UI affecting multiple Jazz-based applications (ELM, DOORS Next, ENI, EWM, RQM, CLM, etc.). The root cause is arbitrary JavaScript/HTML injection in the Web UI, enabling credential exposure within a trusted session. The IBM security...
CVE-2020-4547
IBM Jazz Foundation products are affected by CVE-2020-4547, a remote, click-hijacking vulnerability where誘 users are tricked into visiting a malicious site, enabling an attacker to hijack the victim’s clicking actions and potentially launch further attacks. Affected stack spans IBM Jazz Team Serv...
CVE-2020-4542
The CVE-2020-4542 entry describes a cross-site scripting vulnerability in IBM Jazz Foundation and IBM Engineering products, allowing an attacker to embed arbitrary JavaScript in the Web UI and potentially disclose credentials within a trusted session. Affected products/versions include IBM RQM (6...
CVE-2025-13734
IBM Engineering Requirements Management DOORS Next (versions 7.1 and 7.2) contains an access-control flaw (CWE-862) that could allow an authenticated user to view and edit data beyond their authorized permissions. The issue arises from insufficient authorization enforcement and has a CVSS v3.1 ba...
CVE-2025-33096
IBM Engineering Requirements Management DOORS Next versions 7.0.2, 7.0.3, and 7.1 are affected by CVE-2025-33096 due to an uncontrolled recursion when uploading specially crafted files, allowing an authenticated user on the network to cause a denial of service. The associated IBM Security Bulleti...
CVE-2025-2140
CVE-2025-2140 affects IBM Engineering Requirements Management DOORS Next versions 7.0.2, 7.0.3, and 7.1. An authenticated network user could spoof the sender email identity due to improper verification of source data. The vulnerability has a CVSS v3.1 base score of 5.7 (I(H), A(N), C(N)) with imp...
CVE-2025-2138
IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 are vulnerable to deleting comments from other users due to client-side enforcement of server-side security. Root cause: client-side security enforcement allowing authenticated network users to modify others’ comments. CVSS ...
CVE-2025-2139
IBM Engineering Requirements Management DOORS Next (versions 7.0.2, 7.0.3, 7.1) is affected by CVE-2025-2139 due to client-side enforcement of server-side security, allowing an authenticated network user to delete reviews from other users. The CVSSv3.1 base score is 3.5 (low impact on integrity; ...