Lucene search

K
IbmEngineering Requirements Management Doors Next

18 matches found

CVE
CVE
added 2025/01/10 2:15 p.m.60 views

CVE-2024-41787

IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition. By sending a specially crafted request, an attacker could exploit this vulnerability to remotely execute code.

9.8CVSS9.5AI score0.0009EPSS
CVE
CVE
added 2020/09/02 7:15 p.m.48 views

CVE-2020-4522

IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182397.

5.4CVSS5.2AI score0.00236EPSS
CVE
CVE
added 2025/03/03 4:15 p.m.46 views

CVE-2024-41770

IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information.

7.5CVSS7.5AI score0.00067EPSS
CVE
CVE
added 2021/01/27 5:15 p.m.45 views

CVE-2021-20357

IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194963.

5.4CVSS5.2AI score0.00158EPSS
CVE
CVE
added 2020/09/02 7:15 p.m.44 views

CVE-2020-4445

IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 181122.

5.4CVSS5.2AI score0.00236EPSS
CVE
CVE
added 2024/06/06 7:15 p.m.44 views

CVE-2023-45192

IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 268758.

8.2CVSS8.1AI score0.00046EPSS
CVE
CVE
added 2025/03/03 4:15 p.m.43 views

CVE-2024-43169

IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a user to download a malicious file without verifying the integrity of the code.

8.8CVSS8.5AI score0.00026EPSS
CVE
CVE
added 2021/04/12 6:15 p.m.41 views

CVE-2021-20519

IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198441.

5.4CVSS5.6AI score0.00157EPSS
CVE
CVE
added 2021/04/12 6:15 p.m.40 views

CVE-2020-4965

IBM Jazz Team Server products use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192422.

7.5CVSS7.6AI score0.00111EPSS
CVE
CVE
added 2025/03/03 4:15 p.m.40 views

CVE-2024-41771

IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information.

7.5CVSS7.5AI score0.00067EPSS
CVE
CVE
added 2021/01/27 5:15 p.m.38 views

CVE-2020-4865

IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190741.

5.4CVSS5.2AI score0.00208EPSS
CVE
CVE
added 2021/04/12 6:15 p.m.38 views

CVE-2020-4920

IBM Jazz Team Server products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191396.

6.4CVSS5.5AI score0.00128EPSS
CVE
CVE
added 2021/01/27 5:15 p.m.37 views

CVE-2020-4855

IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190457.

5.4CVSS5.2AI score0.00158EPSS
CVE
CVE
added 2021/04/12 6:15 p.m.37 views

CVE-2020-4964

IBM Jazz Team Server products contain an undisclosed vulnerability that could allow an authenticated user to present a customized message on the application which could be used to phish other users. IBM X-Force ID: 192419.

4.3CVSS5.2AI score0.00153EPSS
CVE
CVE
added 2020/08/04 4:15 p.m.35 views

CVE-2020-4542

IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: ...

5.4CVSS5.8AI score0.00236EPSS
CVE
CVE
added 2020/09/02 7:15 p.m.35 views

CVE-2020-4546

IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 183314.

5.4CVSS5.2AI score0.00236EPSS
CVE
CVE
added 2021/01/27 5:15 p.m.35 views

CVE-2020-4547

IBM Jazz Foundation products could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victi...

5.4CVSS5.3AI score0.00089EPSS
CVE
CVE
added 2021/01/27 5:15 p.m.33 views

CVE-2020-4524

IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182434.

5.4CVSS5.2AI score0.00158EPSS