Ibm

Engineering Requirements Management Doors

13 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.9

CVE-2024-43190

  • EPSS 0.05%
  • Veröffentlicht 07.07.2025 17:45:51
  • Zuletzt bearbeitet 20.08.2025 16:27:29

IBM Engineering Requirements Management DOORS 9.7.2.9, under certain configurations, could allow a remote attacker to obtain password reset instructions of a legitimate user using man in the middle techniques.

8.2

CVE-2023-50304

  • EPSS 0.04%
  • Veröffentlicht 18.07.2024 16:15:06
  • Zuletzt bearbeitet 21.11.2024 08:36:49

IBM Engineering Requirements Management DOORS Web Access 9.7.2.8 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume me...

6.5

CVE-2023-28949

  • EPSS 0.04%
  • Veröffentlicht 01.03.2024 02:15:07
  • Zuletzt bearbeitet 21.11.2024 07:56:16

IBM Engineering Requirements Management DOORS 9.7.2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 251216.

5.1

CVE-2023-50305

  • EPSS 0.01%
  • Veröffentlicht 01.03.2024 02:15:07
  • Zuletzt bearbeitet 21.11.2024 08:36:49

IBM Engineering Requirements Management DOORS 9.7.2.7 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 273336.

4.8

CVE-2023-28525

  • EPSS 0.09%
  • Veröffentlicht 01.03.2024 02:15:06
  • Zuletzt bearbeitet 21.11.2024 07:55:16

IBM Engineering Requirements Management 9.7.2.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclo...

9.8

CVE-2018-1457

  • EPSS 0.39%
  • Veröffentlicht 27.06.2018 18:29:00
  • Zuletzt bearbeitet 05.02.2025 18:38:27

An undisclosed vulnerability in IBM Rational DOORS 9.5.1 through 9.6.1.10 application allows an attacker to gain DOORS administrator privileges. IBM X-Force ID: 140208.

4.3

CVE-2017-1515

  • EPSS 0.37%
  • Veröffentlicht 26.01.2018 21:29:00
  • Zuletzt bearbeitet 05.02.2025 18:38:27

IBM Doors Web Access 9.5 and 9.6 could allow an authenticated user to obtain sensitive information from HTTP internal server error responses. IBM X-Force ID: 129825.

5.4

CVE-2017-1516

  • EPSS 0.25%
  • Veröffentlicht 26.01.2018 21:29:00
  • Zuletzt bearbeitet 05.02.2025 18:38:27

IBM Doors Web Access 9.5 and 9.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions ...

5.4

CVE-2017-1532

  • EPSS 0.32%
  • Veröffentlicht 26.01.2018 21:29:00
  • Zuletzt bearbeitet 05.02.2025 18:38:27

IBM DOORS 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sess...

5.4

CVE-2017-1540

  • EPSS 0.24%
  • Veröffentlicht 26.01.2018 21:29:00
  • Zuletzt bearbeitet 05.02.2025 18:38:27

IBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a t...