VYPR

Engineering Requirements Management DOORS Next

by IBM

CVEs (16)

  • CVE-2025-13734Mar 3, 2026
    risk 0.00cvss epss 0.00

    IBM Engineering Requirements Management DOORS Next 7.1, and 7.2 could allow an authenticated user to view and edit data beyond their authorized access permissions.

  • CVE-2025-2138Oct 12, 2025
    risk 0.00cvss epss 0.00

    IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete comments from other users due to client-side enforcement of server-side security.

  • CVE-2025-2139Oct 12, 2025
    risk 0.00cvss epss 0.00

    IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete reviews from other users due to client-side enforcement of server-side security.

  • CVE-2025-2140Oct 12, 2025
    risk 0.00cvss epss 0.00

    IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to spoof email identity of the sender due to improper verification of source data.

  • CVE-2025-33096Oct 12, 2025
    risk 0.00cvss epss 0.00

    IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user to cause a denial of service by uploading specially crafted files using uncontrolled recursion.

  • CVE-2025-1826Oct 7, 2025
    risk 0.00cvss epss 0.00

    IBM Engineering Requirements Management DOORS Next (IBM Jazz Foundation 7.0.2 to 7.0.2 iFix034, 7.0.3 to 7.0.3 iFix016, and 7.1.0 to 7.1.0 iFix004) is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users on the host network to embed…

  • CVE-2024-43190Jul 7, 2025
    risk 0.00cvss epss 0.00

    IBM Engineering Requirements Management DOORS 9.7.2.9, under certain configurations, could allow a remote attacker to obtain password reset instructions of a legitimate user using man in the middle techniques.

  • CVE-2024-41771Mar 3, 2025
    risk 0.00cvss epss 0.00

    IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information.

  • CVE-2024-41770Mar 3, 2025
    risk 0.00cvss epss 0.00

    IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information.

  • CVE-2024-43169Mar 3, 2025
    risk 0.00cvss epss 0.00

    IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a user to download a malicious file without verifying the integrity of the code.

  • CVE-2024-41787Jan 10, 2025
    risk 0.00cvss epss 0.01

    IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition. By sending a specially crafted request, an attacker could exploit this vulnerability to remotely execute code.

  • CVE-2023-50304Jul 18, 2024
    risk 0.00cvss epss 0.01

    IBM Engineering Requirements Management DOORS Web Access 9.7.2.8 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force…

  • CVE-2023-45192Jun 6, 2024
    risk 0.00cvss epss 0.01

    IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM…

  • CVE-2023-28949Mar 1, 2024
    risk 0.00cvss epss 0.00

    IBM Engineering Requirements Management DOORS 9.7.2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 251216.

  • CVE-2023-50305Mar 1, 2024
    risk 0.00cvss epss 0.00

    IBM Engineering Requirements Management DOORS 9.7.2.7 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 273336.

  • CVE-2023-28525Mar 1, 2024
    risk 0.00cvss epss 0.00

    IBM Engineering Requirements Management 9.7.2.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…