5 matches found
CVE-2023-50305
CVE-2023-50305 affects IBM Engineering Requirements Management DOORS family (DOORS 9.7.2.7; DOORS Web Access 9.7.2.7; Rational DOORS/DOORS Web Access 9.6.1.x). According to the IBM bulletin, the issue is a design/logic flaw where users by default do not have strong passwords, enabling easier comp...
CVE-2023-28949
CVE-2023-28949 affects IBM Engineering Requirements Management DOORS/DOORS Web Access 9.7.2.7. The issue is a cross-site request forgery that could allow an attacker to perform malicious actions transmitted from a trusted user. The IBM bulletin confirms the vulnerability and directs upgrading to ...
CVE-2023-28525
CVE-2023-28525 affects IBM Engineering Requirements Management DOORS/DOORS Web Access 9.7.2.7 with a cross-site scripting vulnerability in the Web UI that could allow an attacker to embed arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. IBM recommends ...
CVE-2023-50304
CVE-2023-50304 affects IBM Engineering Requirements Management DOORS Web Access 9.7.2.8, where an XML External Entity (XXE) vulnerability exists in XML processing. The underlying issue could allow a remote attacker to expose sensitive information or cause memory/resource consumption. Public docum...
CVE-2024-43190
CVE-2024-43190 affects IBM Engineering Requirements Management DOORS 9.7.2.9. Description and connected IBM advisory confirm a weak authentication issue that, under certain configurations, could allow a remote attacker to obtain password reset instructions for a legitimate user via man-in-the-mid...