3.5

CVE-2025-2138

IBM Engineering Requirements Management Doors Next data modification

IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 

could allow an authenticated user on the network to delete comments from other users due to client-side enforcement of server-side security.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmEngineering Requirements Management Doors Next Version7.0.2
   IbmAix Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmEngineering Requirements Management Doors Next Version7.0.3
   IbmAix Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmEngineering Requirements Management Doors Next Version7.1
   IbmAix Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.02% 0.038
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 3.5 2.1 1.4
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
psirt@us.ibm.com 3.5 2.1 1.4
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CWE-602 Client-Side Enforcement of Server-Side Security

The product is composed of a server that relies on the client to implement a mechanism that is intended to protect the server.