Engineering Requirements Management DOORS Next
by IBM
CVEs (16)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-13734 | 0.00 | — | 0.00 | Mar 3, 2026 | IBM Engineering Requirements Management DOORS Next 7.1, and 7.2 could allow an authenticated user to view and edit data beyond their authorized access permissions. | |||
| CVE-2025-2138 | 0.00 | — | 0.00 | Oct 12, 2025 | IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete comments from other users due to client-side enforcement of server-side security. | |||
| CVE-2025-2139 | 0.00 | — | 0.00 | Oct 12, 2025 | IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete reviews from other users due to client-side enforcement of server-side security. | |||
| CVE-2025-2140 | 0.00 | — | 0.00 | Oct 12, 2025 | IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to spoof email identity of the sender due to improper verification of source data. | |||
| CVE-2025-33096 | 0.00 | — | 0.00 | Oct 12, 2025 | IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user to cause a denial of service by uploading specially crafted files using uncontrolled recursion. | |||
| CVE-2025-1826 | 0.00 | — | 0.00 | Oct 7, 2025 | IBM Engineering Requirements Management DOORS Next (IBM Jazz Foundation 7.0.2 to 7.0.2 iFix034, 7.0.3 to 7.0.3 iFix016, and 7.1.0 to 7.1.0 iFix004) is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users on the host network to embed… | |||
| CVE-2024-43190 | 0.00 | — | 0.00 | Jul 7, 2025 | IBM Engineering Requirements Management DOORS 9.7.2.9, under certain configurations, could allow a remote attacker to obtain password reset instructions of a legitimate user using man in the middle techniques. | |||
| CVE-2024-41771 | 0.00 | — | 0.00 | Mar 3, 2025 | IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information. | |||
| CVE-2024-41770 | 0.00 | — | 0.00 | Mar 3, 2025 | IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information. | |||
| CVE-2024-43169 | 0.00 | — | 0.00 | Mar 3, 2025 | IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a user to download a malicious file without verifying the integrity of the code. | |||
| CVE-2024-41787 | 0.00 | — | 0.01 | Jan 10, 2025 | IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition. By sending a specially crafted request, an attacker could exploit this vulnerability to remotely execute code. | |||
| CVE-2023-50304 | 0.00 | — | 0.01 | Jul 18, 2024 | IBM Engineering Requirements Management DOORS Web Access 9.7.2.8 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force… | |||
| CVE-2023-45192 | 0.00 | — | 0.01 | Jun 6, 2024 | IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM… | |||
| CVE-2023-28949 | 0.00 | — | 0.00 | Mar 1, 2024 | IBM Engineering Requirements Management DOORS 9.7.2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 251216. | |||
| CVE-2023-50305 | 0.00 | — | 0.00 | Mar 1, 2024 | IBM Engineering Requirements Management DOORS 9.7.2.7 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 273336. | |||
| CVE-2023-28525 | 0.00 | — | 0.00 | Mar 1, 2024 | IBM Engineering Requirements Management 9.7.2.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted… |
- CVE-2025-13734Mar 3, 2026risk 0.00cvss —epss 0.00
IBM Engineering Requirements Management DOORS Next 7.1, and 7.2 could allow an authenticated user to view and edit data beyond their authorized access permissions.
- CVE-2025-2138Oct 12, 2025risk 0.00cvss —epss 0.00
IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete comments from other users due to client-side enforcement of server-side security.
- CVE-2025-2139Oct 12, 2025risk 0.00cvss —epss 0.00
IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete reviews from other users due to client-side enforcement of server-side security.
- CVE-2025-2140Oct 12, 2025risk 0.00cvss —epss 0.00
IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to spoof email identity of the sender due to improper verification of source data.
- CVE-2025-33096Oct 12, 2025risk 0.00cvss —epss 0.00
IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user to cause a denial of service by uploading specially crafted files using uncontrolled recursion.
- CVE-2025-1826Oct 7, 2025risk 0.00cvss —epss 0.00
IBM Engineering Requirements Management DOORS Next (IBM Jazz Foundation 7.0.2 to 7.0.2 iFix034, 7.0.3 to 7.0.3 iFix016, and 7.1.0 to 7.1.0 iFix004) is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users on the host network to embed…
- CVE-2024-43190Jul 7, 2025risk 0.00cvss —epss 0.00
IBM Engineering Requirements Management DOORS 9.7.2.9, under certain configurations, could allow a remote attacker to obtain password reset instructions of a legitimate user using man in the middle techniques.
- CVE-2024-41771Mar 3, 2025risk 0.00cvss —epss 0.00
IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information.
- CVE-2024-41770Mar 3, 2025risk 0.00cvss —epss 0.00
IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information.
- CVE-2024-43169Mar 3, 2025risk 0.00cvss —epss 0.00
IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a user to download a malicious file without verifying the integrity of the code.
- CVE-2024-41787Jan 10, 2025risk 0.00cvss —epss 0.01
IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition. By sending a specially crafted request, an attacker could exploit this vulnerability to remotely execute code.
- CVE-2023-50304Jul 18, 2024risk 0.00cvss —epss 0.01
IBM Engineering Requirements Management DOORS Web Access 9.7.2.8 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force…
- CVE-2023-45192Jun 6, 2024risk 0.00cvss —epss 0.01
IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM…
- CVE-2023-28949Mar 1, 2024risk 0.00cvss —epss 0.00
IBM Engineering Requirements Management DOORS 9.7.2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 251216.
- CVE-2023-50305Mar 1, 2024risk 0.00cvss —epss 0.00
IBM Engineering Requirements Management DOORS 9.7.2.7 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 273336.
- CVE-2023-28525Mar 1, 2024risk 0.00cvss —epss 0.00
IBM Engineering Requirements Management 9.7.2.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…