CVE-2024-43190
- EPSS 0.05%
- Veröffentlicht 07.07.2025 17:45:51
- Zuletzt bearbeitet 20.08.2025 16:27:29
IBM Engineering Requirements Management DOORS 9.7.2.9, under certain configurations, could allow a remote attacker to obtain password reset instructions of a legitimate user using man in the middle techniques.
CVE-2023-50304
- EPSS 0.04%
- Veröffentlicht 18.07.2024 16:15:06
- Zuletzt bearbeitet 21.11.2024 08:36:49
IBM Engineering Requirements Management DOORS Web Access 9.7.2.8 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume me...
CVE-2023-28949
- EPSS 0.04%
- Veröffentlicht 01.03.2024 02:15:07
- Zuletzt bearbeitet 21.11.2024 07:56:16
IBM Engineering Requirements Management DOORS 9.7.2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 251216.
CVE-2023-50305
- EPSS 0.01%
- Veröffentlicht 01.03.2024 02:15:07
- Zuletzt bearbeitet 21.11.2024 08:36:49
IBM Engineering Requirements Management DOORS 9.7.2.7 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 273336.
CVE-2023-28525
- EPSS 0.09%
- Veröffentlicht 01.03.2024 02:15:06
- Zuletzt bearbeitet 21.11.2024 07:55:16
IBM Engineering Requirements Management 9.7.2.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclo...