Ibm

Engineering Requirements Management Doors Next

21 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
3.5

CVE-2025-2138

  • EPSS 0.04%
  • Veröffentlicht 12.10.2025 13:37:02
  • Zuletzt bearbeitet 16.10.2025 14:25:30

IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete comments from other users due to client-side enforcement of server-side security.

3.5

CVE-2025-2139

  • EPSS 0.03%
  • Veröffentlicht 12.10.2025 13:35:24
  • Zuletzt bearbeitet 16.10.2025 14:27:01

IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete reviews from other users due to client-side enforcement of server-side security.

5.7

CVE-2025-2140

  • EPSS 0.01%
  • Veröffentlicht 12.10.2025 13:33:22
  • Zuletzt bearbeitet 16.10.2025 14:32:22

IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to spoof email identity of the sender due to improper verification of source data.

6.5

CVE-2025-33096

  • EPSS 0.05%
  • Veröffentlicht 12.10.2025 13:31:04
  • Zuletzt bearbeitet 16.10.2025 14:37:47

IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user to cause a denial of service by uploading specially crafted files using uncontrolled recursion.

6.5

CVE-2024-43169

  • EPSS 0.03%
  • Veröffentlicht 03.03.2025 16:15:38
  • Zuletzt bearbeitet 07.03.2025 19:37:23

IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a user to download a malicious file without verifying the integrity of the code.

7.5

CVE-2024-41771

  • EPSS 0.14%
  • Veröffentlicht 03.03.2025 16:15:38
  • Zuletzt bearbeitet 07.03.2025 19:37:23

IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information.

7.5

CVE-2024-41770

  • EPSS 0.14%
  • Veröffentlicht 03.03.2025 16:15:37
  • Zuletzt bearbeitet 07.03.2025 19:37:23

IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information.

8.1

CVE-2024-41787

  • EPSS 0.2%
  • Veröffentlicht 10.01.2025 14:15:28
  • Zuletzt bearbeitet 20.08.2025 02:48:45

IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition. By sending a specially crafted request, an attacker could exploit this vulnerability to remo...

5.4

CVE-2021-20519

  • EPSS 0.16%
  • Veröffentlicht 12.04.2021 18:15:13
  • Zuletzt bearbeitet 21.11.2024 05:46:42

IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a tru...

4.3

CVE-2020-4964

  • EPSS 0.15%
  • Veröffentlicht 12.04.2021 18:15:12
  • Zuletzt bearbeitet 21.11.2024 05:33:28

IBM Jazz Team Server products contain an undisclosed vulnerability that could allow an authenticated user to present a customized message on the application which could be used to phish other users. IBM X-Force ID: 192419.