Lucene search
K
IbmEngineering Requirements Management Doors Next

21 matches found

CVE
CVE
added 2025/03/03 3:27 p.m.69 views

CVE-2024-43169

CVE-2024-43169 affects IBM Engineering Requirements Management DOORS Next versions 7.0.2, 7.0.3, and 7.1. The IBM security bulletin identifies the vulnerability as a Reflected File Download where a user could download a malicious file without verifying code integrity. The IBM CVSS context lists a...

8.8CVSS8.5AI score0.00177EPSS
CVE
CVE
added 2020/09/02 6:25 p.m.65 views

CVE-2020-4445

CVE-2020-4445 affects IBM Jazz Team Server based applications with a cross-site scripting vulnerability in the WEB UI. The issue enables embedding arbitrary JavaScript in the Web UI, potentially leading to credential disclosure within a trusted session. The vulnerability is identified across mult...

5.4CVSS5.2AI score0.00561EPSS
CVE
CVE
added 2025/03/03 3:28 p.m.63 views

CVE-2024-41770

CVE-2024-41770 affects IBM Engineering Requirements Management DOORS Next versions 7.0.2, 7.0.3, and 7.1. A remote attacker could download temporary files, potentially exposing application logic or sensitive information. The official IBM advisory/developers note remediation by applying ifix updat...

7.5CVSS7.5AI score0.00442EPSS
CVE
CVE
added 2021/01/27 4:15 p.m.61 views

CVE-2021-20357

CVE-2021-20357 affects IBM Jazz Foundation products with a cross-site scripting vulnerability in the Web UI that could allow an attacker to embed arbitrary JavaScript and, in a trusted session, potentially disclose credentials. Connected sources corroborate a Web UI XSS across multiple IBM Jazz/F...

5.4CVSS5.2AI score0.00665EPSS
CVE
CVE
added 2020/09/02 6:25 p.m.60 views

CVE-2020-4522

IBM Jazz Team Server based Applications are affected by a cross-site scripting vulnerability (CVE-2020-4522) in the Web UI, potentially enabling an attacker to inject arbitrary JavaScript and cause credentials disclosure within a trusted session. Affected products include IBM Engineering DOORS Ne...

5.4CVSS5.2AI score0.00561EPSS
CVE
CVE
added 2021/04/12 6:0 p.m.58 views

CVE-2021-20519

CVE-2021-20519 affects IBM Jazz Team Server products with a cross-site scripting flaw in the Web UI that can allow attackers to embed arbitrary JavaScript and potentially disclose credentials in a trusted session. Public details consistently describe the impact as UI manipulation and credential e...

5.4CVSS5.6AI score0.0062EPSS
CVE
CVE
added 2021/01/27 4:15 p.m.53 views

CVE-2020-4865

CVE-2020-4865 is a cross-site scripting vulnerability in IBM Jazz Foundation products (notably IBM Engineering Workflow Management and related IBM Jazz Team Server components) where attackers could inject arbitrary JavaScript into the Web UI, potentially leaking credentials within a trusted sessi...

5.4CVSS5.2AI score0.00665EPSS
CVE
CVE
added 2025/03/03 3:29 p.m.53 views

CVE-2024-41771

CVE-2024-41771 affects IBM Engineering Requirements Management DOORS Next versions 7.0.2, 7.0.3, and 7.1. A remote attacker could download temporary files, potentially exposing application logic or other sensitive information. The connected Red Hat/NVD/Nessus entries corroborate the same descript...

7.5CVSS7.5AI score0.00442EPSS
CVE
CVE
added 2021/04/12 6:0 p.m.52 views

CVE-2020-4920

CVE-2020-4920 affects IBM Jazz Team Server. Public details in connected CNVD/NVD entries describe a stored cross-site scripting vulnerability in the Jazz Team Server Web UI that can lead to credential disclosure within a trusted session. Remediation in the IBM bulletin section recommends upgradin...

6.4CVSS5.5AI score0.0062EPSS
CVE
CVE
added 2021/04/12 6:0 p.m.52 views

CVE-2020-4965

CVE-2020-4965 affects IBM Jazz Team Server / Jazz Foundation (IBM Engineering Lifecycle Management). The vulnerability stems from weaker-than-expected cryptographic algorithms that could allow decrypting highly sensitive information. Public scoring varies: CVSSv3.1 base 7.5 (Network, High impact ...

7.5CVSS7.6AI score0.00719EPSS
CVE
CVE
added 2021/01/27 4:15 p.m.51 views

CVE-2020-4855

The CVE-2020-4855 issue affects IBM Jazz Foundation products and is a cross-site scripting vulnerability in the Web UI that could enable an attacker to inject arbitrary JavaScript and potentially disclose credentials in a trusted session. Affected components include IBM Jazz Team Server family (E...

5.4CVSS5.2AI score0.00665EPSS
CVE
CVE
added 2021/01/27 4:15 p.m.50 views

CVE-2020-4524

CVE-2020-4524 concerns an IBM Jazz Foundation cross-site scripting vulnerability in the Web UI that can allow embedding arbitrary JavaScript and potentially disclose credentials within a trusted session. The issue affects IBM Jazz Foundation family products (and related IBM ELM/RTC/RM components)...

5.4CVSS5.2AI score0.00665EPSS
CVE
CVE
added 2021/04/12 6:0 p.m.50 views

CVE-2020-4964

CVE-2020-4964 affects IBM Jazz Team Server and related IBM Engineering Lifecycle Management components. The vulnerability is described as an undisclosed issue allowing an authenticated user to display a customized message within the application to phish other users. Public details from IBM’s bull...

4.3CVSS5.2AI score0.00638EPSS
CVE
CVE
added 2020/09/02 6:25 p.m.49 views

CVE-2020-4546

CVE-2020-4546 is an XSS vulnerability in IBM Jazz Team Server Web UI affecting multiple Jazz-based applications (ELM, DOORS Next, ENI, EWM, RQM, CLM, etc.). The root cause is arbitrary JavaScript/HTML injection in the Web UI, enabling credential exposure within a trusted session. The IBM security...

5.4CVSS5.2AI score0.00561EPSS
CVE
CVE
added 2021/01/27 4:15 p.m.49 views

CVE-2020-4547

IBM Jazz Foundation products are affected by CVE-2020-4547, a remote, click-hijacking vulnerability where誘 users are tricked into visiting a malicious site, enabling an attacker to hijack the victim’s clicking actions and potentially launch further attacks. Affected stack spans IBM Jazz Team Serv...

5.4CVSS5.3AI score0.00821EPSS
CVE
CVE
added 2020/08/04 4:0 p.m.46 views

CVE-2020-4542

The CVE-2020-4542 entry describes a cross-site scripting vulnerability in IBM Jazz Foundation and IBM Engineering products, allowing an attacker to embed arbitrary JavaScript in the Web UI and potentially disclose credentials within a trusted session. Affected products/versions include IBM RQM (6...

5.4CVSS5.8AI score0.00561EPSS
CVE
CVE
added 2026/03/03 7:51 p.m.18 views

CVE-2025-13734

IBM Engineering Requirements Management DOORS Next (versions 7.1 and 7.2) contains an access-control flaw (CWE-862) that could allow an authenticated user to view and edit data beyond their authorized permissions. The issue arises from insufficient authorization enforcement and has a CVSS v3.1 ba...

5.4CVSS5.9AI score0.00144EPSS
CVE
CVE
added 2025/10/12 1:31 p.m.17 views

CVE-2025-33096

IBM Engineering Requirements Management DOORS Next versions 7.0.2, 7.0.3, and 7.1 are affected by CVE-2025-33096 due to an uncontrolled recursion when uploading specially crafted files, allowing an authenticated user on the network to cause a denial of service. The associated IBM Security Bulleti...

6.5CVSS6AI score0.00279EPSS
CVE
CVE
added 2025/10/12 1:33 p.m.15 views

CVE-2025-2140

CVE-2025-2140 affects IBM Engineering Requirements Management DOORS Next versions 7.0.2, 7.0.3, and 7.1. An authenticated network user could spoof the sender email identity due to improper verification of source data. The vulnerability has a CVSS v3.1 base score of 5.7 (I(H), A(N), C(N)) with imp...

5.7CVSS6.1AI score0.00113EPSS
CVE
CVE
added 2025/10/12 1:37 p.m.14 views

CVE-2025-2138

IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 are vulnerable to deleting comments from other users due to client-side enforcement of server-side security. Root cause: client-side security enforcement allowing authenticated network users to modify others’ comments. CVSS ...

3.5CVSS6.2AI score0.00166EPSS
CVE
CVE
added 2025/10/12 1:35 p.m.14 views

CVE-2025-2139

IBM Engineering Requirements Management DOORS Next (versions 7.0.2, 7.0.3, 7.1) is affected by CVE-2025-2139 due to client-side enforcement of server-side security, allowing an authenticated network user to delete reviews from other users. The CVSSv3.1 base score is 3.5 (low impact on integrity; ...

3.5CVSS6.1AI score0.00166EPSS