
39 vulnerabilities found for engineering_requirements_management_doors by ibm

FKIE_CVE-2024-43190

Vulnerability from fkie_nvd - Published: 2025-07-07 18:15 - Updated: 2025-08-20 16:27
Summary
IBM Engineering Requirements Management DOORS 9.7.2.9, under certain configurations, could allow a remote attacker using man-in-the-middle techniques to obtain the password reset instructions of a legitimate user.

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDA3A453-D11E-4DC3-A9EC-99B9CD732EC5",
              "versionEndIncluding": "9.6.1.13",
              "versionStartIncluding": "9.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors:9.7.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "194CCEED-FB01-4E7A-89E1-457D4007B3B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors_web_access:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB04A61D-CD90-4300-AD83-5A467C67583B",
              "versionEndIncluding": "9.6.1.13",
              "versionStartIncluding": "9.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors_web_access:9.7.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "8607A66D-07EC-47A7-851C-5B37C1057110",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Engineering Requirements Management DOORS 9.7.2.9, under certain configurations, could allow a remote attacker to obtain password reset instructions of a legitimate user using man in the middle techniques."
    },
    {
      "lang": "es",
      "value": "IBM Engineering Requirements Management DOORS 9.7.2.9, bajo ciertas configuraciones, podr\u00eda permitir que un atacante remoto obtenga instrucciones de restablecimiento de contrase\u00f1a de un usuario leg\u00edtimo utilizando t\u00e9cnicas de intermediario."
    }
  ],
  "id": "CVE-2024-43190",
  "lastModified": "2025-08-20T16:27:29.470",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-07-07T18:15:25.440",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7238992"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-640"
        }
      ],
      "source": "psirt@us.ibm.com",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2023-50304

Vulnerability from fkie_nvd - Published: 2024-07-18 16:15 - Updated: 2024-11-21 08:36
Summary
IBM Engineering Requirements Management DOORS Web Access 9.7.2.8 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 273335.

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors:9.7.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "5665FA0A-F082-40C6-860F-51F8F2F1E64B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors_web_access:9.7.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E0B680E-9B8A-4774-8229-415C8D069EAD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Engineering Requirements Management DOORS Web Access 9.7.2.8 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.  IBM X-Force ID:  273335."
    },
    {
      "lang": "es",
      "value": "IBM Engineering Requisitos Management DOORS Web Access 9.7.2.8 es vulnerable a un ataque de inyecci\u00f3n de entidad externa XML (XXE) al procesar datos XML. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad para exponer informaci\u00f3n confidencial o consumir recursos de memoria. ID de IBM X-Force: 273335."
    }
  ],
  "id": "CVE-2023-50304",
  "lastModified": "2024-11-21T08:36:49.433",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 4.2,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 8.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-07-18T16:15:06.090",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/273335"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7160471"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/273335"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7160471"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-611"
        }
      ],
      "source": "psirt@us.ibm.com",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2023-50305

Vulnerability from fkie_nvd - Published: 2024-03-01 02:15 - Updated: 2024-11-21 08:36
Summary
IBM Engineering Requirements Management DOORS 9.7.2.7 does not require users to have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 273336.

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors:9.7.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE06AC34-D09F-4BD8-B115-1691D8643419",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors_web_access:9.7.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "13ECE46A-0CFF-4199-A8B3-923077E07484",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Engineering Requirements Management DOORS 9.7.2.7 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.  IBM X-Force ID:  273336."
    },
    {
      "lang": "es",
      "value": "IBM Engineering Requisitos Management DOORS 9.7.2.7 no requiere que los usuarios tengan contrase\u00f1as seguras de forma predeterminada, lo que facilita que los atacantes comprometan las cuentas de los usuarios. ID de IBM X-Force: 273336."
    }
  ],
  "id": "CVE-2023-50305",
  "lastModified": "2024-11-21T08:36:49.587",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.4,
        "impactScore": 3.6,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.4,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-03-01T02:15:07.590",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/273336"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7124058"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/273336"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7124058"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-521"
        }
      ],
      "source": "psirt@us.ibm.com",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2023-28949

Vulnerability from fkie_nvd - Published: 2024-03-01 02:15 - Updated: 2024-11-21 07:56
Summary
IBM Engineering Requirements Management DOORS 9.7.2.7 is vulnerable to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 251216.

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors:9.7.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE06AC34-D09F-4BD8-B115-1691D8643419",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors_web_access:9.7.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "13ECE46A-0CFF-4199-A8B3-923077E07484",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Engineering Requirements Management DOORS 9.7.2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.  IBM X-Force ID:  251216."
    },
    {
      "lang": "es",
      "value": "IBM Engineering Requisitos Management DOORS 9.7.2.7 es vulnerable a la Cross-Site Request Forgery, lo que podr\u00eda permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas por un usuario en el que conf\u00eda el sitio web. ID de IBM X-Force: 251216."
    }
  ],
  "id": "CVE-2023-28949",
  "lastModified": "2024-11-21T07:56:16.260",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-03-01T02:15:07.063",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/251216"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7124058"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/251216"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7124058"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "psirt@us.ibm.com",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2023-28525

Vulnerability from fkie_nvd - Published: 2024-03-01 02:15 - Updated: 2024-11-21 07:55
Summary
IBM Engineering Requirements Management 9.7.2.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 251052.

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors:9.7.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE06AC34-D09F-4BD8-B115-1691D8643419",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors_web_access:9.7.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "13ECE46A-0CFF-4199-A8B3-923077E07484",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Engineering Requirements Management 9.7.2.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.  IBM X-Force ID:  251052."
    },
    {
      "lang": "es",
      "value": "IBM Engineering Requisitos Management 9.7.2.7 es vulnerable a cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista, lo que podr\u00eda conducir a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 251052."
    }
  ],
  "id": "CVE-2023-28525",
  "lastModified": "2024-11-21T07:55:16.807",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-03-01T02:15:06.860",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/251052"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7124058"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/251052"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7124058"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "psirt@us.ibm.com",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2018-1457

Vulnerability from fkie_nvd - Published: 2018-06-27 18:29 - Updated: 2025-02-05 18:38

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "36419474-B956-4A9A-9DD4-47B0D58864E4",
              "versionEndIncluding": "9.5.1.9",
              "versionStartIncluding": "9.5.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF287FA0-FFA0-48A5-95DE-5123793ACDAC",
              "versionEndIncluding": "9.5.2.8",
              "versionStartIncluding": "9.5.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "15BC1590-6F9A-49DA-9EF7-0F7185D009B2",
              "versionEndIncluding": "9.6.0.7",
              "versionStartIncluding": "9.6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0847A729-3BAA-4CAD-8570-7DC72B0438B5",
              "versionEndIncluding": "9.6.1.10",
              "versionStartIncluding": "9.6.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3994EDDD-2720-4186-A161-385EBB5767F7",
              "versionEndIncluding": "9.7.2",
              "versionStartIncluding": "9.7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An undisclosed vulnerability in IBM Rational DOORS 9.5.1 through 9.6.1.10 application allows an attacker to gain DOORS administrator privileges. IBM X-Force ID: 140208."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad sin revelar en IBM Rational DOORS de la versi\u00f3n 9.5.1 hasta la 9.6.1.10 permite que un atacante obtenga privilegios de administrador DOORS. IBM X-Force ID: 140208."
    }
  ],
  "id": "CVE-2018-1457",
  "lastModified": "2025-02-05T18:38:27.383",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-06-27T18:29:00.617",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22017436"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104573"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140208"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22017436"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104573"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140208"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2017-1540

Vulnerability from fkie_nvd - Published: 2018-01-26 21:29 - Updated: 2025-02-05 18:38
Summary
IBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130808.

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "96E0933B-B5DE-4D2D-A618-399EDCA60BEC",
              "versionEndIncluding": "9.5.0.7",
              "versionStartIncluding": "9.5.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5CC40FB-5AFC-4170-87AA-3EA32BC005AD",
              "versionEndIncluding": "9.5.1.8",
              "versionStartIncluding": "9.5.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5749236-FBDA-4CB8-9B0A-B14E74F5D07C",
              "versionEndIncluding": "9.5.2.7",
              "versionStartIncluding": "9.5.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC96FBA4-2236-4ABF-AA1F-655A00D79F56",
              "versionEndIncluding": "9.6.0.6",
              "versionStartIncluding": "9.6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E068BAB-D96A-49D0-AE8C-049D76F8CF17",
              "versionEndIncluding": "9.6.1.9",
              "versionStartIncluding": "9.6.1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130808."
    },
    {
      "lang": "es",
      "value": "IBM Doors Web Access 9.5 y 9.6 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 130808."
    }
  ],
  "id": "CVE-2017-1540",
  "lastModified": "2025-02-05T18:38:27.383",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-01-26T21:29:00.710",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22012789"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102890"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130808"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22012789"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102890"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130808"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2017-1515

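Vulnerability from fkie_nvd - Published: 2018-01-26 21:29 - Updated: 2025-02-05 18:38
Summary
IBM Doors Web Access 9.5 and 9.6 could allow an authenticated user to obtain sensitive information from HTTP internal server error responses. IBM X-Force ID: 129825.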

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "96E0933B-B5DE-4D2D-A618-399EDCA60BEC",
              "versionEndIncluding": "9.5.0.7",
              "versionStartIncluding": "9.5.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5CC40FB-5AFC-4170-87AA-3EA32BC005AD",
              "versionEndIncluding": "9.5.1.8",
              "versionStartIncluding": "9.5.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5749236-FBDA-4CB8-9B0A-B14E74F5D07C",
              "versionEndIncluding": "9.5.2.7",
              "versionStartIncluding": "9.5.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC96FBA4-2236-4ABF-AA1F-655A00D79F56",
              "versionEndIncluding": "9.6.0.6",
              "versionStartIncluding": "9.6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E068BAB-D96A-49D0-AE8C-049D76F8CF17",
              "versionEndIncluding": "9.6.1.9",
              "versionStartIncluding": "9.6.1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Doors Web Access 9.5 and 9.6 could allow an authenticated user to obtain sensitive information from HTTP internal server error responses. IBM X-Force ID: 129825."
    },
    {
      "lang": "es",
      "value": "IBM Doors Web Access 9.5 y 9.6 podr\u00eda permitir que un usuario autenticado obtenga informaci\u00f3n de respuestas de error interno del servidor HTTP. IBM X-Force ID: 129825."
    }
  ],
  "id": "CVE-2017-1515",
  "lastModified": "2025-02-05T18:38:27.383",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-01-26T21:29:00.507",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22012789"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102872"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129825"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22012789"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102872"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129825"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2017-1563

Vulnerability from fkie_nvd - Published: 2018-01-26 21:29 - Updated: 2025-02-05 18:38
Summary
IBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131763.

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "96E0933B-B5DE-4D2D-A618-399EDCA60BEC",
              "versionEndIncluding": "9.5.0.7",
              "versionStartIncluding": "9.5.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5CC40FB-5AFC-4170-87AA-3EA32BC005AD",
              "versionEndIncluding": "9.5.1.8",
              "versionStartIncluding": "9.5.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5749236-FBDA-4CB8-9B0A-B14E74F5D07C",
              "versionEndIncluding": "9.5.2.7",
              "versionStartIncluding": "9.5.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC96FBA4-2236-4ABF-AA1F-655A00D79F56",
              "versionEndIncluding": "9.6.0.6",
              "versionStartIncluding": "9.6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E068BAB-D96A-49D0-AE8C-049D76F8CF17",
              "versionEndIncluding": "9.6.1.9",
              "versionStartIncluding": "9.6.1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131763."
    },
    {
      "lang": "es",
      "value": "IBM Doors Web Access 9.5 y 9.6 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 131763."
    }
  ],
  "id": "CVE-2017-1563",
  "lastModified": "2025-02-05T18:38:27.383",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-01-26T21:29:00.837",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22012789"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102862"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131763"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22012789"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102862"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131763"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2017-1516

Vulnerability from fkie_nvd - Published: 2018-01-26 21:29 - Updated: 2025-02-05 18:38
Summary
IBM Doors Web Access 9.5 and 9.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 129826.

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "96E0933B-B5DE-4D2D-A618-399EDCA60BEC",
              "versionEndIncluding": "9.5.0.7",
              "versionStartIncluding": "9.5.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5CC40FB-5AFC-4170-87AA-3EA32BC005AD",
              "versionEndIncluding": "9.5.1.8",
              "versionStartIncluding": "9.5.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5749236-FBDA-4CB8-9B0A-B14E74F5D07C",
              "versionEndIncluding": "9.5.2.7",
              "versionStartIncluding": "9.5.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC96FBA4-2236-4ABF-AA1F-655A00D79F56",
              "versionEndIncluding": "9.6.0.6",
              "versionStartIncluding": "9.6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E068BAB-D96A-49D0-AE8C-049D76F8CF17",
              "versionEndIncluding": "9.6.1.9",
              "versionStartIncluding": "9.6.1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Doors Web Access 9.5 and 9.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim\u0027s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 129826."
    },
    {
      "lang": "es",
      "value": "IBM Doors Web Access 9.5 y 9.6 podr\u00eda permitir que un atacante remoto realizase un secuestro de clic a la v\u00edctima. Al persuadir a una v\u00edctima para que visite un sitio web malicioso, un atacante remoto podr\u00eda explotar esta vulnerabilidad para secuestrar las acciones de clicado de la v\u00edctima y, probablemente, lanzar m\u00e1s ataques contra la v\u00edctima. IBM X-Force ID: 129826."
    }
  ],
  "id": "CVE-2017-1516",
  "lastModified": "2025-02-05T18:38:27.383",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-01-26T21:29:00.570",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22012789"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102867"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129826"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22012789"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102867"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129826"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2017-1567

Vulnerability from fkie_nvd - Published: 2018-01-26 21:29 - Updated: 2025-02-05 18:38
Summary
IBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131769.

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "96E0933B-B5DE-4D2D-A618-399EDCA60BEC",
              "versionEndIncluding": "9.5.0.7",
              "versionStartIncluding": "9.5.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5CC40FB-5AFC-4170-87AA-3EA32BC005AD",
              "versionEndIncluding": "9.5.1.8",
              "versionStartIncluding": "9.5.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5749236-FBDA-4CB8-9B0A-B14E74F5D07C",
              "versionEndIncluding": "9.5.2.7",
              "versionStartIncluding": "9.5.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC96FBA4-2236-4ABF-AA1F-655A00D79F56",
              "versionEndIncluding": "9.6.0.6",
              "versionStartIncluding": "9.6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E068BAB-D96A-49D0-AE8C-049D76F8CF17",
              "versionEndIncluding": "9.6.1.9",
              "versionStartIncluding": "9.6.1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131769."
    },
    {
      "lang": "es",
      "value": "IBM Doors Web Access 9.5 y 9.6 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 131769."
    }
  ],
  "id": "CVE-2017-1567",
  "lastModified": "2025-02-05T18:38:27.383",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-01-26T21:29:00.900",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22012789"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102851"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131769"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22012789"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102851"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131769"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2017-1532

Vulnerability from fkie_nvd - Published: 2018-01-26 21:29 - Updated: 2025-02-05 18:38
Summary
IBM DOORS 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130411.

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "96E0933B-B5DE-4D2D-A618-399EDCA60BEC",
              "versionEndIncluding": "9.5.0.7",
              "versionStartIncluding": "9.5.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5CC40FB-5AFC-4170-87AA-3EA32BC005AD",
              "versionEndIncluding": "9.5.1.8",
              "versionStartIncluding": "9.5.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5749236-FBDA-4CB8-9B0A-B14E74F5D07C",
              "versionEndIncluding": "9.5.2.7",
              "versionStartIncluding": "9.5.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC96FBA4-2236-4ABF-AA1F-655A00D79F56",
              "versionEndIncluding": "9.6.0.6",
              "versionStartIncluding": "9.6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E068BAB-D96A-49D0-AE8C-049D76F8CF17",
              "versionEndIncluding": "9.6.1.9",
              "versionStartIncluding": "9.6.1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM DOORS 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130411."
    },
    {
      "lang": "es",
      "value": "IBM DOORS 9.5 y 9.6 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 130411."
    }
  ],
  "id": "CVE-2017-1532",
  "lastModified": "2025-02-05T18:38:27.383",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-01-26T21:29:00.650",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22012789"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102888"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130411"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22012789"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102888"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130411"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2017-1545

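Vulnerability from fkie_nvd - Published: 2018-01-26 21:29 - Updated: 2025-02-05 18:38
Summary
IBM Doors Web Access 9.5 and 9.6 could allow an attacker with physical access to the system to log into the application using previously stored credentials. IBM X-Force ID: 130914.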

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "96E0933B-B5DE-4D2D-A618-399EDCA60BEC",
              "versionEndIncluding": "9.5.0.7",
              "versionStartIncluding": "9.5.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5CC40FB-5AFC-4170-87AA-3EA32BC005AD",
              "versionEndIncluding": "9.5.1.8",
              "versionStartIncluding": "9.5.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5749236-FBDA-4CB8-9B0A-B14E74F5D07C",
              "versionEndIncluding": "9.5.2.7",
              "versionStartIncluding": "9.5.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC96FBA4-2236-4ABF-AA1F-655A00D79F56",
              "versionEndIncluding": "9.6.0.6",
              "versionStartIncluding": "9.6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E068BAB-D96A-49D0-AE8C-049D76F8CF17",
              "versionEndIncluding": "9.6.1.9",
              "versionStartIncluding": "9.6.1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Doors Web Access 9.5 and 9.6 could allow an attacker with physical access to the system to log into the application using previously stored credentials. IBM X-Force ID: 130914."
    },
    {
      "lang": "es",
      "value": "IBM Doors Web Access 9.5 y 9.6 podr\u00eda permitir que un atacante con acceso f\u00edsico al sistema inicie sesi\u00f3n en la aplicaci\u00f3n empleando credenciales almacenadas anteriormente. IBM X-Force ID: 130914."
    }
  ],
  "id": "CVE-2017-1545",
  "lastModified": "2025-02-05T18:38:27.383",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-01-26T21:29:00.773",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22012789"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102896"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130914"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22012789"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102896"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130914"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2024-43190 (GCVE-0-2024-43190)

Vulnerability from cvelistv5 – Published: 2025-07-07 17:45 – Updated: 2025-08-24 11:31
Title
IBM Engineering Requirements Management DOORS weak authentication
Summary
IBM Engineering Requirements Management DOORS 9.7.2.9, under certain configurations, could allow a remote attacker to obtain password reset instructions of a legitimate user using man in the middle techniques.
CWE
  • CWE-640 - Weak Password Recovery Mechanism for Forgotten Password
Assigner
ibm
References
Impacted products
Vendor Product Version
IBM Engineering Requirements Management DOORS Affected: 9.7.2.9
    cpe:2.3:a:ibm:engineering_requirements_management_doors:9.7.2.9:*:*:*:*:*:*:*

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-43190",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-08T13:38:09.385849Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-08T13:38:20.322Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:engineering_requirements_management_doors:9.7.2.9:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Engineering Requirements Management DOORS",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.7.2.9"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM Engineering Requirements Management DOORS 9.7.2.9, under certain configurations, could allow a remote attacker to obtain password reset instructions of a legitimate user using man in the middle techniques."
            }
          ],
          "value": "IBM Engineering Requirements Management DOORS 9.7.2.9, under certain configurations, could allow a remote attacker to obtain password reset instructions of a legitimate user using man in the middle techniques."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-640",
              "description": "CWE-640 Weak Password Recovery Mechanism for Forgotten Password",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-24T11:31:35.546Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7238992"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM strongly recommends addressing the vulnerabilities now by taking the actions documented in this bulletin.\u003cbr\u003e\u003cbr\u003eFor The IBM Engineering Requirements Management DOORS/DWA product versions 9.7.x, install the fix pack 9.7.2.10.\u003cbr\u003e\u003cbr\u003eYou can download the fix pack for 9.7.2.10 from Fix Central.\u003cbr\u003e"
            }
          ],
          "value": "IBM strongly recommends addressing the vulnerabilities now by taking the actions documented in this bulletin.\n\nFor The IBM Engineering Requirements Management DOORS/DWA product versions 9.7.x, install the fix pack 9.7.2.10.\n\nYou can download the fix pack for 9.7.2.10 from Fix Central."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Engineering Requirements Management DOORS weak authentication",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2024-43190",
    "datePublished": "2025-07-07T17:45:51.426Z",
    "dateReserved": "2024-08-07T13:29:48.159Z",
    "dateUpdated": "2025-08-24T11:31:35.546Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-50304 (GCVE-0-2023-50304)

Vulnerability from cvelistv5 – Published: 2024-07-18 16:01 – Updated: 2024-08-02 22:16
Title
IBM Engineering Requirements Management DOORS XML external entity injection
Summary
IBM Engineering Requirements Management DOORS Web Access 9.7.2.8 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 273335.
CWE
  • CWE-611 - Improper Restriction of XML External Entity Reference
Assigner
ibm
Impacted products
Vendor Product Version
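IBM Engineering Requirements Management DOORS Affected: 9.7.2.8
    cpe:2.3:a:ibm:engineering_requirements_management_doors:9.7.2.7:*:*:*:*:*:*:*
    Note: the CPE string in this record names 9.7.2.7, while the summary and the affected-version field give 9.7.2.8; confirm the affected release against the vendor advisory before matching assets by CPE.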

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-50304",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-23T14:41:09.585350Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-23T14:41:54.566Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:16:46.319Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/7160471"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/273335"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:engineering_requirements_management_doors:9.7.2.7:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Engineering Requirements Management DOORS",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.7.2.8"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM Engineering Requirements Management DOORS Web Access 9.7.2.8 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.  IBM X-Force ID:  273335."
            }
          ],
          "value": "IBM Engineering Requirements Management DOORS Web Access 9.7.2.8 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.  IBM X-Force ID:  273335."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-611",
              "description": "CWE-611 Improper Restriction of XML External Entity Reference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-18T16:01:38.174Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7160471"
        },
        {
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/273335"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Engineering Requirements Management DOORS XML external entity injection",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2023-50304",
    "datePublished": "2024-07-18T16:01:38.174Z",
    "dateReserved": "2023-12-07T01:28:46.423Z",
    "dateUpdated": "2024-08-02T22:16:46.319Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-28949 (GCVE-0-2023-28949)

Vulnerability from cvelistv5 – Published: 2024-03-01 01:47 – Updated: 2024-08-02 13:51
Title
IBM Engineering Requirements Management cross-site request forgery
Summary
IBM Engineering Requirements Management DOORS 9.7.2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 251216.
CWE
  • CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
ibm
Impacted products

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-28949",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-11T17:42:10.709028Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:22:47.318Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T13:51:38.903Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/7124058"
          },
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/251216"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Engineering Requirements Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.7.2.7"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM Engineering Requirements Management DOORS 9.7.2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.  IBM X-Force ID:  251216."
            }
          ],
          "value": "IBM Engineering Requirements Management DOORS 9.7.2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.  IBM X-Force ID:  251216."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-01T01:53:43.368Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7124058"
        },
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/251216"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Engineering Requirements Management cross-site request forgery",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2023-28949",
    "datePublished": "2024-03-01T01:47:15.207Z",
    "dateReserved": "2023-03-29T01:33:55.064Z",
    "dateUpdated": "2024-08-02T13:51:38.903Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-50305 (GCVE-0-2023-50305)

Vulnerability from cvelistv5 – Published: 2024-03-01 01:44 – Updated: 2024-08-02 22:16
Title
IBM Engineering Requirements Management information disclosure
Summary
IBM Engineering Requirements Management DOORS 9.7.2.7 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 273336.
CWE
  • CWE-521 - Weak Password Requirements
Assigner
ibm
Impacted products

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-50305",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-01T15:39:44.001928Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:22:05.832Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:16:46.041Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/7124058"
          },
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/273336"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Engineering Requirements Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.7.2.7"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM Engineering Requirements Management DOORS 9.7.2.7 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.  IBM X-Force ID:  273336."
            }
          ],
          "value": "IBM Engineering Requirements Management DOORS 9.7.2.7 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.  IBM X-Force ID:  273336."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-521",
              "description": "CWE-521 Weak Password Requirements",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-01T01:44:34.005Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7124058"
        },
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/273336"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Engineering Requirements Management information disclosure",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2023-50305",
    "datePublished": "2024-03-01T01:44:34.005Z",
    "dateReserved": "2023-12-07T01:28:46.423Z",
    "dateUpdated": "2024-08-02T22:16:46.041Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-28525 (GCVE-0-2023-28525)

Vulnerability from cvelistv5 – Published: 2024-03-01 01:41 – Updated: 2024-08-02 13:43
Title
IBM Engineering Requirements Management cross-site scripting
Summary
IBM Engineering Requirements Management 9.7.2.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 251052.
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
ibm
Impacted products

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-28525",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-14T19:42:21.681825Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:28:50.717Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T13:43:23.134Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/7124058"
          },
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/251052"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Engineering Requirements Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.7.2.7"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM Engineering Requirements Management 9.7.2.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.  IBM X-Force ID:  251052."
            }
          ],
          "value": "IBM Engineering Requirements Management 9.7.2.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.  IBM X-Force ID:  251052."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-01T01:41:48.557Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7124058"
        },
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/251052"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Engineering Requirements Management cross-site scripting",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2023-28525",
    "datePublished": "2024-03-01T01:41:48.557Z",
    "dateReserved": "2023-03-16T21:05:56.575Z",
    "dateUpdated": "2024-08-02T13:43:23.134Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-1457 (GCVE-0-2018-1457)

Vulnerability from cvelistv5 – Published: 2018-06-27 18:00 – Updated: 2024-09-16 16:58
Summary
An undisclosed vulnerability in IBM Rational DOORS 9.5.1 through 9.6.1.10 application allows an attacker to gain DOORS administrator privileges. IBM X-Force ID: 140208.
CWE
  • Bypass Security
Assigner
ibm
Impacted products
Vendor Product Version
IBM Rational DOORS Affected: 9.5.1
Affected: 9.5.1.1
Affected: 9.5.1.2
Affected: 9.5.2
Affected: 9.5.2.1
Affected: 9.6
Affected: 9.5.1.3
Affected: 9.5.1.4
Affected: 9.5.2.2
Affected: 9.5.2.3
Affected: 9.6.0.1
Affected: 9.6.0.2
Affected: 9.6.1
Affected: 9.6.1.1
Affected: 9.5.1.5
Affected: 9.5.2.4
Affected: 9.6.0.3
Affected: 9.6.1.2
Affected: 9.6.1.3
Affected: 9.6.1.4
Affected: 9.5.1.6
Affected: 9.5.2.5
Affected: 9.6.0.4
Affected: 9.5.1.7
Affected: 9.5.2.6
Affected: 9.6.0.5
Affected: 9.6.1.5
Affected: 9.6.1.6
Affected: 9.6.1.7
Affected: 9.5.1.8
Affected: 9.5.2.7
Affected: 9.6.0.6
Affected: 9.6.1.8
Affected: 9.6.1.9
Affected: 9.5.1.9
Affected: 9.5.2.8
Affected: 9.6.0.7
Affected: 9.6.1.10

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:59:39.070Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-doors-cve20181457-sec-bypass(140208)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140208"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22017436"
          },
          {
            "name": "104573",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104573"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational DOORS",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.5.1"
            },
            {
              "status": "affected",
              "version": "9.5.1.1"
            },
            {
              "status": "affected",
              "version": "9.5.1.2"
            },
            {
              "status": "affected",
              "version": "9.5.2"
            },
            {
              "status": "affected",
              "version": "9.5.2.1"
            },
            {
              "status": "affected",
              "version": "9.6"
            },
            {
              "status": "affected",
              "version": "9.5.1.3"
            },
            {
              "status": "affected",
              "version": "9.5.1.4"
            },
            {
              "status": "affected",
              "version": "9.5.2.2"
            },
            {
              "status": "affected",
              "version": "9.5.2.3"
            },
            {
              "status": "affected",
              "version": "9.6.0.1"
            },
            {
              "status": "affected",
              "version": "9.6.0.2"
            },
            {
              "status": "affected",
              "version": "9.6.1"
            },
            {
              "status": "affected",
              "version": "9.6.1.1"
            },
            {
              "status": "affected",
              "version": "9.5.1.5"
            },
            {
              "status": "affected",
              "version": "9.5.2.4"
            },
            {
              "status": "affected",
              "version": "9.6.0.3"
            },
            {
              "status": "affected",
              "version": "9.6.1.2"
            },
            {
              "status": "affected",
              "version": "9.6.1.3"
            },
            {
              "status": "affected",
              "version": "9.6.1.4"
            },
            {
              "status": "affected",
              "version": "9.5.1.6"
            },
            {
              "status": "affected",
              "version": "9.5.2.5"
            },
            {
              "status": "affected",
              "version": "9.6.0.4"
            },
            {
              "status": "affected",
              "version": "9.5.1.7"
            },
            {
              "status": "affected",
              "version": "9.5.2.6"
            },
            {
              "status": "affected",
              "version": "9.6.0.5"
            },
            {
              "status": "affected",
              "version": "9.6.1.5"
            },
            {
              "status": "affected",
              "version": "9.6.1.6"
            },
            {
              "status": "affected",
              "version": "9.6.1.7"
            },
            {
              "status": "affected",
              "version": "9.5.1.8"
            },
            {
              "status": "affected",
              "version": "9.5.2.7"
            },
            {
              "status": "affected",
              "version": "9.6.0.6"
            },
            {
              "status": "affected",
              "version": "9.6.1.8"
            },
            {
              "status": "affected",
              "version": "9.6.1.9"
            },
            {
              "status": "affected",
              "version": "9.5.1.9"
            },
            {
              "status": "affected",
              "version": "9.5.2.8"
            },
            {
              "status": "affected",
              "version": "9.6.0.7"
            },
            {
              "status": "affected",
              "version": "9.6.1.10"
            }
          ]
        }
      ],
      "datePublic": "2018-06-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An undisclosed vulnerability in IBM Rational DOORS 9.5.1 through 9.6.1.10 application allows an attacker to gain DOORS administrator privileges. IBM X-Force ID: 140208."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 7.1,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/A:H/AC:H/AV:N/C:H/I:H/PR:N/S:U/UI:N/E:U/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Bypass Security",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-06-29T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ibm-doors-cve20181457-sec-bypass(140208)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140208"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22017436"
        },
        {
          "name": "104573",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104573"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-06-21T00:00:00",
          "ID": "CVE-2018-1457",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational DOORS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.5.1"
                          },
                          {
                            "version_value": "9.5.1.1"
                          },
                          {
                            "version_value": "9.5.1.2"
                          },
                          {
                            "version_value": "9.5.2"
                          },
                          {
                            "version_value": "9.5.2.1"
                          },
                          {
                            "version_value": "9.6"
                          },
                          {
                            "version_value": "9.5.1.3"
                          },
                          {
                            "version_value": "9.5.1.4"
                          },
                          {
                            "version_value": "9.5.2.2"
                          },
                          {
                            "version_value": "9.5.2.3"
                          },
                          {
                            "version_value": "9.6.0.1"
                          },
                          {
                            "version_value": "9.6.0.2"
                          },
                          {
                            "version_value": "9.6.1"
                          },
                          {
                            "version_value": "9.6.1.1"
                          },
                          {
                            "version_value": "9.5.1.5"
                          },
                          {
                            "version_value": "9.5.2.4"
                          },
                          {
                            "version_value": "9.6.0.3"
                          },
                          {
                            "version_value": "9.6.1.2"
                          },
                          {
                            "version_value": "9.6.1.3"
                          },
                          {
                            "version_value": "9.6.1.4"
                          },
                          {
                            "version_value": "9.5.1.6"
                          },
                          {
                            "version_value": "9.5.2.5"
                          },
                          {
                            "version_value": "9.6.0.4"
                          },
                          {
                            "version_value": "9.5.1.7"
                          },
                          {
                            "version_value": "9.5.2.6"
                          },
                          {
                            "version_value": "9.6.0.5"
                          },
                          {
                            "version_value": "9.6.1.5"
                          },
                          {
                            "version_value": "9.6.1.6"
                          },
                          {
                            "version_value": "9.6.1.7"
                          },
                          {
                            "version_value": "9.5.1.8"
                          },
                          {
                            "version_value": "9.5.2.7"
                          },
                          {
                            "version_value": "9.6.0.6"
                          },
                          {
                            "version_value": "9.6.1.8"
                          },
                          {
                            "version_value": "9.6.1.9"
                          },
                          {
                            "version_value": "9.5.1.9"
                          },
                          {
                            "version_value": "9.5.2.8"
                          },
                          {
                            "version_value": "9.6.0.7"
                          },
                          {
                            "version_value": "9.6.1.10"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An undisclosed vulnerability in IBM Rational DOORS 9.5.1 through 9.6.1.10 application allows an attacker to gain DOORS administrator privileges. IBM X-Force ID: 140208."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "H",
              "AC": "H",
              "AV": "N",
              "C": "H",
              "I": "H",
              "PR": "N",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Bypass Security"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-doors-cve20181457-sec-bypass(140208)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140208"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22017436",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22017436"
            },
            {
              "name": "104573",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104573"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2018-1457",
    "datePublished": "2018-06-27T18:00:00Z",
    "dateReserved": "2017-12-13T00:00:00",
    "dateUpdated": "2024-09-16T16:58:51.269Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1532 (GCVE-0-2017-1532)

Vulnerability from cvelistv5 – Published: 2018-01-26 21:00 – Updated: 2024-09-16 23:21
Summary
IBM DOORS 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130411.
Severity ?
No CVSS data available.
CWE
  • Cross-Site Scripting
Assigner
ibm
Impacted products
Vendor Product Version
IBM Rational DOORS Affected: 9.5
Affected: 9.5.0.1
Affected: 9.5.1
Affected: 9.5.1.1
Affected: 9.5.1.2
Affected: 9.5.2
Affected: 9.5.2.1
Affected: 9.6
Affected: 9.5.0.2
Affected: 9.5.0.3
Affected: 9.5.1.3
Affected: 9.5.1.4
Affected: 9.5.2.2
Affected: 9.5.2.3
Affected: 9.6.0.1
Affected: 9.6.0.2
Affected: 9.6.1
Affected: 9.6.1.1
Affected: 9.5.0.4
Affected: 9.5.1.5
Affected: 9.5.2.4
Affected: 9.6.0.3
Affected: 9.6.1.2
Affected: 9.6.1.3
Affected: 9.6.1.4
Affected: 9.5.0.5
Affected: 9.5.1.6
Affected: 9.5.2.5
Affected: 9.6.0.4
Affected: 9.5.0.6
Affected: 9.5.1.7
Affected: 9.5.2.6
Affected: 9.6.0.5
Affected: 9.6.1.5
Affected: 9.6.1.6
Affected: 9.6.1.7
Affected: 9.5.0.7
Affected: 9.5.1.8
Affected: 9.5.2.7
Affected: 9.6.0.6
Affected: 9.6.1.8
Affected: 9.6.1.9

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:32:29.935Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22012789"
          },
          {
            "name": "102888",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102888"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130411"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational DOORS",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.5"
            },
            {
              "status": "affected",
              "version": "9.5.0.1"
            },
            {
              "status": "affected",
              "version": "9.5.1"
            },
            {
              "status": "affected",
              "version": "9.5.1.1"
            },
            {
              "status": "affected",
              "version": "9.5.1.2"
            },
            {
              "status": "affected",
              "version": "9.5.2"
            },
            {
              "status": "affected",
              "version": "9.5.2.1"
            },
            {
              "status": "affected",
              "version": "9.6"
            },
            {
              "status": "affected",
              "version": "9.5.0.2"
            },
            {
              "status": "affected",
              "version": "9.5.0.3"
            },
            {
              "status": "affected",
              "version": "9.5.1.3"
            },
            {
              "status": "affected",
              "version": "9.5.1.4"
            },
            {
              "status": "affected",
              "version": "9.5.2.2"
            },
            {
              "status": "affected",
              "version": "9.5.2.3"
            },
            {
              "status": "affected",
              "version": "9.6.0.1"
            },
            {
              "status": "affected",
              "version": "9.6.0.2"
            },
            {
              "status": "affected",
              "version": "9.6.1"
            },
            {
              "status": "affected",
              "version": "9.6.1.1"
            },
            {
              "status": "affected",
              "version": "9.5.0.4"
            },
            {
              "status": "affected",
              "version": "9.5.1.5"
            },
            {
              "status": "affected",
              "version": "9.5.2.4"
            },
            {
              "status": "affected",
              "version": "9.6.0.3"
            },
            {
              "status": "affected",
              "version": "9.6.1.2"
            },
            {
              "status": "affected",
              "version": "9.6.1.3"
            },
            {
              "status": "affected",
              "version": "9.6.1.4"
            },
            {
              "status": "affected",
              "version": "9.5.0.5"
            },
            {
              "status": "affected",
              "version": "9.5.1.6"
            },
            {
              "status": "affected",
              "version": "9.5.2.5"
            },
            {
              "status": "affected",
              "version": "9.6.0.4"
            },
            {
              "status": "affected",
              "version": "9.5.0.6"
            },
            {
              "status": "affected",
              "version": "9.5.1.7"
            },
            {
              "status": "affected",
              "version": "9.5.2.6"
            },
            {
              "status": "affected",
              "version": "9.6.0.5"
            },
            {
              "status": "affected",
              "version": "9.6.1.5"
            },
            {
              "status": "affected",
              "version": "9.6.1.6"
            },
            {
              "status": "affected",
              "version": "9.6.1.7"
            },
            {
              "status": "affected",
              "version": "9.5.0.7"
            },
            {
              "status": "affected",
              "version": "9.5.1.8"
            },
            {
              "status": "affected",
              "version": "9.5.2.7"
            },
            {
              "status": "affected",
              "version": "9.6.0.6"
            },
            {
              "status": "affected",
              "version": "9.6.1.8"
            },
            {
              "status": "affected",
              "version": "9.6.1.9"
            }
          ]
        }
      ],
      "datePublic": "2018-01-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM DOORS 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130411."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-02T10:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22012789"
        },
        {
          "name": "102888",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102888"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130411"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-01-23T00:00:00",
          "ID": "CVE-2017-1532",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational DOORS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.5"
                          },
                          {
                            "version_value": "9.5.0.1"
                          },
                          {
                            "version_value": "9.5.1"
                          },
                          {
                            "version_value": "9.5.1.1"
                          },
                          {
                            "version_value": "9.5.1.2"
                          },
                          {
                            "version_value": "9.5.2"
                          },
                          {
                            "version_value": "9.5.2.1"
                          },
                          {
                            "version_value": "9.6"
                          },
                          {
                            "version_value": "9.5.0.2"
                          },
                          {
                            "version_value": "9.5.0.3"
                          },
                          {
                            "version_value": "9.5.1.3"
                          },
                          {
                            "version_value": "9.5.1.4"
                          },
                          {
                            "version_value": "9.5.2.2"
                          },
                          {
                            "version_value": "9.5.2.3"
                          },
                          {
                            "version_value": "9.6.0.1"
                          },
                          {
                            "version_value": "9.6.0.2"
                          },
                          {
                            "version_value": "9.6.1"
                          },
                          {
                            "version_value": "9.6.1.1"
                          },
                          {
                            "version_value": "9.5.0.4"
                          },
                          {
                            "version_value": "9.5.1.5"
                          },
                          {
                            "version_value": "9.5.2.4"
                          },
                          {
                            "version_value": "9.6.0.3"
                          },
                          {
                            "version_value": "9.6.1.2"
                          },
                          {
                            "version_value": "9.6.1.3"
                          },
                          {
                            "version_value": "9.6.1.4"
                          },
                          {
                            "version_value": "9.5.0.5"
                          },
                          {
                            "version_value": "9.5.1.6"
                          },
                          {
                            "version_value": "9.5.2.5"
                          },
                          {
                            "version_value": "9.6.0.4"
                          },
                          {
                            "version_value": "9.5.0.6"
                          },
                          {
                            "version_value": "9.5.1.7"
                          },
                          {
                            "version_value": "9.5.2.6"
                          },
                          {
                            "version_value": "9.6.0.5"
                          },
                          {
                            "version_value": "9.6.1.5"
                          },
                          {
                            "version_value": "9.6.1.6"
                          },
                          {
                            "version_value": "9.6.1.7"
                          },
                          {
                            "version_value": "9.5.0.7"
                          },
                          {
                            "version_value": "9.5.1.8"
                          },
                          {
                            "version_value": "9.5.2.7"
                          },
                          {
                            "version_value": "9.6.0.6"
                          },
                          {
                            "version_value": "9.6.1.8"
                          },
                          {
                            "version_value": "9.6.1.9"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM DOORS 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130411."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22012789",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22012789"
            },
            {
              "name": "102888",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102888"
            },
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130411",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130411"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1532",
    "datePublished": "2018-01-26T21:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-16T23:21:40.888Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1540 (GCVE-0-2017-1540)

Vulnerability from cvelistv5 – Published: 2018-01-26 21:00 – Updated: 2024-09-16 19:36
Summary
IBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130808.
Severity ?
No CVSS data available.
CWE
  • Cross-Site Scripting
Assigner
ibm
Impacted products
Vendor Product Version
IBM Rational DOORS Affected: 9.5
Affected: 9.5.0.1
Affected: 9.5.1
Affected: 9.5.1.1
Affected: 9.5.1.2
Affected: 9.5.2
Affected: 9.5.2.1
Affected: 9.6
Affected: 9.5.0.2
Affected: 9.5.0.3
Affected: 9.5.1.3
Affected: 9.5.1.4
Affected: 9.5.2.2
Affected: 9.5.2.3
Affected: 9.6.0.1
Affected: 9.6.0.2
Affected: 9.6.1
Affected: 9.6.1.1
Affected: 9.5.0.4
Affected: 9.5.1.5
Affected: 9.5.2.4
Affected: 9.6.0.3
Affected: 9.6.1.2
Affected: 9.6.1.3
Affected: 9.6.1.4
Affected: 9.5.0.5
Affected: 9.5.1.6
Affected: 9.5.2.5
Affected: 9.6.0.4
Affected: 9.5.0.6
Affected: 9.5.1.7
Affected: 9.5.2.6
Affected: 9.6.0.5
Affected: 9.6.1.5
Affected: 9.6.1.6
Affected: 9.6.1.7
Affected: 9.5.0.7
Affected: 9.5.1.8
Affected: 9.5.2.7
Affected: 9.6.0.6
Affected: 9.6.1.8
Affected: 9.6.1.9

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:32:29.645Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "102890",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102890"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22012789"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130808"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational DOORS",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.5"
            },
            {
              "status": "affected",
              "version": "9.5.0.1"
            },
            {
              "status": "affected",
              "version": "9.5.1"
            },
            {
              "status": "affected",
              "version": "9.5.1.1"
            },
            {
              "status": "affected",
              "version": "9.5.1.2"
            },
            {
              "status": "affected",
              "version": "9.5.2"
            },
            {
              "status": "affected",
              "version": "9.5.2.1"
            },
            {
              "status": "affected",
              "version": "9.6"
            },
            {
              "status": "affected",
              "version": "9.5.0.2"
            },
            {
              "status": "affected",
              "version": "9.5.0.3"
            },
            {
              "status": "affected",
              "version": "9.5.1.3"
            },
            {
              "status": "affected",
              "version": "9.5.1.4"
            },
            {
              "status": "affected",
              "version": "9.5.2.2"
            },
            {
              "status": "affected",
              "version": "9.5.2.3"
            },
            {
              "status": "affected",
              "version": "9.6.0.1"
            },
            {
              "status": "affected",
              "version": "9.6.0.2"
            },
            {
              "status": "affected",
              "version": "9.6.1"
            },
            {
              "status": "affected",
              "version": "9.6.1.1"
            },
            {
              "status": "affected",
              "version": "9.5.0.4"
            },
            {
              "status": "affected",
              "version": "9.5.1.5"
            },
            {
              "status": "affected",
              "version": "9.5.2.4"
            },
            {
              "status": "affected",
              "version": "9.6.0.3"
            },
            {
              "status": "affected",
              "version": "9.6.1.2"
            },
            {
              "status": "affected",
              "version": "9.6.1.3"
            },
            {
              "status": "affected",
              "version": "9.6.1.4"
            },
            {
              "status": "affected",
              "version": "9.5.0.5"
            },
            {
              "status": "affected",
              "version": "9.5.1.6"
            },
            {
              "status": "affected",
              "version": "9.5.2.5"
            },
            {
              "status": "affected",
              "version": "9.6.0.4"
            },
            {
              "status": "affected",
              "version": "9.5.0.6"
            },
            {
              "status": "affected",
              "version": "9.5.1.7"
            },
            {
              "status": "affected",
              "version": "9.5.2.6"
            },
            {
              "status": "affected",
              "version": "9.6.0.5"
            },
            {
              "status": "affected",
              "version": "9.6.1.5"
            },
            {
              "status": "affected",
              "version": "9.6.1.6"
            },
            {
              "status": "affected",
              "version": "9.6.1.7"
            },
            {
              "status": "affected",
              "version": "9.5.0.7"
            },
            {
              "status": "affected",
              "version": "9.5.1.8"
            },
            {
              "status": "affected",
              "version": "9.5.2.7"
            },
            {
              "status": "affected",
              "version": "9.6.0.6"
            },
            {
              "status": "affected",
              "version": "9.6.1.8"
            },
            {
              "status": "affected",
              "version": "9.6.1.9"
            }
          ]
        }
      ],
      "datePublic": "2018-01-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130808."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-02T10:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "102890",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102890"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22012789"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130808"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-01-23T00:00:00",
          "ID": "CVE-2017-1540",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational DOORS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.5"
                          },
                          {
                            "version_value": "9.5.0.1"
                          },
                          {
                            "version_value": "9.5.1"
                          },
                          {
                            "version_value": "9.5.1.1"
                          },
                          {
                            "version_value": "9.5.1.2"
                          },
                          {
                            "version_value": "9.5.2"
                          },
                          {
                            "version_value": "9.5.2.1"
                          },
                          {
                            "version_value": "9.6"
                          },
                          {
                            "version_value": "9.5.0.2"
                          },
                          {
                            "version_value": "9.5.0.3"
                          },
                          {
                            "version_value": "9.5.1.3"
                          },
                          {
                            "version_value": "9.5.1.4"
                          },
                          {
                            "version_value": "9.5.2.2"
                          },
                          {
                            "version_value": "9.5.2.3"
                          },
                          {
                            "version_value": "9.6.0.1"
                          },
                          {
                            "version_value": "9.6.0.2"
                          },
                          {
                            "version_value": "9.6.1"
                          },
                          {
                            "version_value": "9.6.1.1"
                          },
                          {
                            "version_value": "9.5.0.4"
                          },
                          {
                            "version_value": "9.5.1.5"
                          },
                          {
                            "version_value": "9.5.2.4"
                          },
                          {
                            "version_value": "9.6.0.3"
                          },
                          {
                            "version_value": "9.6.1.2"
                          },
                          {
                            "version_value": "9.6.1.3"
                          },
                          {
                            "version_value": "9.6.1.4"
                          },
                          {
                            "version_value": "9.5.0.5"
                          },
                          {
                            "version_value": "9.5.1.6"
                          },
                          {
                            "version_value": "9.5.2.5"
                          },
                          {
                            "version_value": "9.6.0.4"
                          },
                          {
                            "version_value": "9.5.0.6"
                          },
                          {
                            "version_value": "9.5.1.7"
                          },
                          {
                            "version_value": "9.5.2.6"
                          },
                          {
                            "version_value": "9.6.0.5"
                          },
                          {
                            "version_value": "9.6.1.5"
                          },
                          {
                            "version_value": "9.6.1.6"
                          },
                          {
                            "version_value": "9.6.1.7"
                          },
                          {
                            "version_value": "9.5.0.7"
                          },
                          {
                            "version_value": "9.5.1.8"
                          },
                          {
                            "version_value": "9.5.2.7"
                          },
                          {
                            "version_value": "9.6.0.6"
                          },
                          {
                            "version_value": "9.6.1.8"
                          },
                          {
                            "version_value": "9.6.1.9"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130808."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "102890",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102890"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22012789",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22012789"
            },
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130808",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130808"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1540",
    "datePublished": "2018-01-26T21:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-16T19:36:50.085Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1545 (GCVE-0-2017-1545)

Vulnerability from cvelistv5 – Published: 2018-01-26 21:00 – Updated: 2024-09-17 00:56
Summary
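IBM Doors Web Access 9.5 and 9.6 could allow an attacker with physical access to the system to log in to the application using previously stored credentials. IBM X-Force ID: 130914. (The affected-product list below records the product as IBM Rational DOORS rather than Doors Web Access, so match on both names when checking an inventory.)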
Severity ?
No CVSS data available.
CWE
  • Gain Access
Assigner
ibm
Impacted products
Vendor Product Version
IBM Rational DOORS Affected: 9.5
Affected: 9.5.0.1
Affected: 9.5.1
Affected: 9.5.1.1
Affected: 9.5.1.2
Affected: 9.5.2
Affected: 9.5.2.1
Affected: 9.6
Affected: 9.5.0.2
Affected: 9.5.0.3
Affected: 9.5.1.3
Affected: 9.5.1.4
Affected: 9.5.2.2
Affected: 9.5.2.3
Affected: 9.6.0.1
Affected: 9.6.0.2
Affected: 9.6.1
Affected: 9.6.1.1
Affected: 9.5.0.4
Affected: 9.5.1.5
Affected: 9.5.2.4
Affected: 9.6.0.3
Affected: 9.6.1.2
Affected: 9.6.1.3
Affected: 9.6.1.4
Affected: 9.5.0.5
Affected: 9.5.1.6
Affected: 9.5.2.5
Affected: 9.6.0.4
Affected: 9.5.0.6
Affected: 9.5.1.7
Affected: 9.5.2.6
Affected: 9.6.0.5
Affected: 9.6.1.5
Affected: 9.6.1.6
Affected: 9.6.1.7
Affected: 9.5.0.7
Affected: 9.5.1.8
Affected: 9.5.2.7
Affected: 9.6.0.6
Affected: 9.6.1.8
Affected: 9.6.1.9

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:32:30.275Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130914"
          },
          {
            "name": "102896",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102896"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22012789"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational DOORS",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.5"
            },
            {
              "status": "affected",
              "version": "9.5.0.1"
            },
            {
              "status": "affected",
              "version": "9.5.1"
            },
            {
              "status": "affected",
              "version": "9.5.1.1"
            },
            {
              "status": "affected",
              "version": "9.5.1.2"
            },
            {
              "status": "affected",
              "version": "9.5.2"
            },
            {
              "status": "affected",
              "version": "9.5.2.1"
            },
            {
              "status": "affected",
              "version": "9.6"
            },
            {
              "status": "affected",
              "version": "9.5.0.2"
            },
            {
              "status": "affected",
              "version": "9.5.0.3"
            },
            {
              "status": "affected",
              "version": "9.5.1.3"
            },
            {
              "status": "affected",
              "version": "9.5.1.4"
            },
            {
              "status": "affected",
              "version": "9.5.2.2"
            },
            {
              "status": "affected",
              "version": "9.5.2.3"
            },
            {
              "status": "affected",
              "version": "9.6.0.1"
            },
            {
              "status": "affected",
              "version": "9.6.0.2"
            },
            {
              "status": "affected",
              "version": "9.6.1"
            },
            {
              "status": "affected",
              "version": "9.6.1.1"
            },
            {
              "status": "affected",
              "version": "9.5.0.4"
            },
            {
              "status": "affected",
              "version": "9.5.1.5"
            },
            {
              "status": "affected",
              "version": "9.5.2.4"
            },
            {
              "status": "affected",
              "version": "9.6.0.3"
            },
            {
              "status": "affected",
              "version": "9.6.1.2"
            },
            {
              "status": "affected",
              "version": "9.6.1.3"
            },
            {
              "status": "affected",
              "version": "9.6.1.4"
            },
            {
              "status": "affected",
              "version": "9.5.0.5"
            },
            {
              "status": "affected",
              "version": "9.5.1.6"
            },
            {
              "status": "affected",
              "version": "9.5.2.5"
            },
            {
              "status": "affected",
              "version": "9.6.0.4"
            },
            {
              "status": "affected",
              "version": "9.5.0.6"
            },
            {
              "status": "affected",
              "version": "9.5.1.7"
            },
            {
              "status": "affected",
              "version": "9.5.2.6"
            },
            {
              "status": "affected",
              "version": "9.6.0.5"
            },
            {
              "status": "affected",
              "version": "9.6.1.5"
            },
            {
              "status": "affected",
              "version": "9.6.1.6"
            },
            {
              "status": "affected",
              "version": "9.6.1.7"
            },
            {
              "status": "affected",
              "version": "9.5.0.7"
            },
            {
              "status": "affected",
              "version": "9.5.1.8"
            },
            {
              "status": "affected",
              "version": "9.5.2.7"
            },
            {
              "status": "affected",
              "version": "9.6.0.6"
            },
            {
              "status": "affected",
              "version": "9.6.1.8"
            },
            {
              "status": "affected",
              "version": "9.6.1.9"
            }
          ]
        }
      ],
      "datePublic": "2018-01-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Doors Web Access 9.5 and 9.6 could allow an attacker with physical access to the system to log into the application using previously stored credentials. IBM X-Force ID: 130914."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Gain Access",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-02T10:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130914"
        },
        {
          "name": "102896",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102896"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22012789"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-01-23T00:00:00",
          "ID": "CVE-2017-1545",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational DOORS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.5"
                          },
                          {
                            "version_value": "9.5.0.1"
                          },
                          {
                            "version_value": "9.5.1"
                          },
                          {
                            "version_value": "9.5.1.1"
                          },
                          {
                            "version_value": "9.5.1.2"
                          },
                          {
                            "version_value": "9.5.2"
                          },
                          {
                            "version_value": "9.5.2.1"
                          },
                          {
                            "version_value": "9.6"
                          },
                          {
                            "version_value": "9.5.0.2"
                          },
                          {
                            "version_value": "9.5.0.3"
                          },
                          {
                            "version_value": "9.5.1.3"
                          },
                          {
                            "version_value": "9.5.1.4"
                          },
                          {
                            "version_value": "9.5.2.2"
                          },
                          {
                            "version_value": "9.5.2.3"
                          },
                          {
                            "version_value": "9.6.0.1"
                          },
                          {
                            "version_value": "9.6.0.2"
                          },
                          {
                            "version_value": "9.6.1"
                          },
                          {
                            "version_value": "9.6.1.1"
                          },
                          {
                            "version_value": "9.5.0.4"
                          },
                          {
                            "version_value": "9.5.1.5"
                          },
                          {
                            "version_value": "9.5.2.4"
                          },
                          {
                            "version_value": "9.6.0.3"
                          },
                          {
                            "version_value": "9.6.1.2"
                          },
                          {
                            "version_value": "9.6.1.3"
                          },
                          {
                            "version_value": "9.6.1.4"
                          },
                          {
                            "version_value": "9.5.0.5"
                          },
                          {
                            "version_value": "9.5.1.6"
                          },
                          {
                            "version_value": "9.5.2.5"
                          },
                          {
                            "version_value": "9.6.0.4"
                          },
                          {
                            "version_value": "9.5.0.6"
                          },
                          {
                            "version_value": "9.5.1.7"
                          },
                          {
                            "version_value": "9.5.2.6"
                          },
                          {
                            "version_value": "9.6.0.5"
                          },
                          {
                            "version_value": "9.6.1.5"
                          },
                          {
                            "version_value": "9.6.1.6"
                          },
                          {
                            "version_value": "9.6.1.7"
                          },
                          {
                            "version_value": "9.5.0.7"
                          },
                          {
                            "version_value": "9.5.1.8"
                          },
                          {
                            "version_value": "9.5.2.7"
                          },
                          {
                            "version_value": "9.6.0.6"
                          },
                          {
                            "version_value": "9.6.1.8"
                          },
                          {
                            "version_value": "9.6.1.9"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Doors Web Access 9.5 and 9.6 could allow an attacker with physical access to the system to log into the application using previously stored credentials. IBM X-Force ID: 130914."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Gain Access"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130914",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130914"
            },
            {
              "name": "102896",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102896"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22012789",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22012789"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1545",
    "datePublished": "2018-01-26T21:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-17T00:56:39.534Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-43190 (GCVE-0-2024-43190)

Vulnerability from nvd – Published: 2025-07-07 17:45 – Updated: 2025-08-24 11:31
Title
IBM Engineering Requirements Management DOORS weak authentication
Summary
IBM Engineering Requirements Management DOORS 9.7.2.9, under certain configurations, could allow a remote attacker to obtain the password reset instructions of a legitimate user using man-in-the-middle techniques.
CWE
  • CWE-640 - Weak Password Recovery Mechanism for Forgotten Password
Assigner
ibm
References
Impacted products
Vendor Product Version
IBM Engineering Requirements Management DOORS Affected: 9.7.2.9
    cpe:2.3:a:ibm:engineering_requirements_management_doors:9.7.2.9:*:*:*:*:*:*:*

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-43190",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-08T13:38:09.385849Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-08T13:38:20.322Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:engineering_requirements_management_doors:9.7.2.9:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Engineering Requirements Management DOORS",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.7.2.9"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM Engineering Requirements Management DOORS 9.7.2.9, under certain configurations, could allow a remote attacker to obtain password reset instructions of a legitimate user using man in the middle techniques."
            }
          ],
          "value": "IBM Engineering Requirements Management DOORS 9.7.2.9, under certain configurations, could allow a remote attacker to obtain password reset instructions of a legitimate user using man in the middle techniques."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-640",
              "description": "CWE-640 Weak Password Recovery Mechanism for Forgotten Password",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-24T11:31:35.546Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7238992"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM strongly recommends addressing the vulnerabilities now by taking the actions documented in this bulletin.\u003cbr\u003e\u003cbr\u003eFor The IBM Engineering Requirements Management DOORS/DWA product versions 9.7.x, install the fix pack 9.7.2.10.\u003cbr\u003e\u003cbr\u003eYou can download the fix pack for 9.7.2.10 from Fix Central.\u003cbr\u003e"
            }
          ],
          "value": "IBM strongly recommends addressing the vulnerabilities now by taking the actions documented in this bulletin.\n\nFor The IBM Engineering Requirements Management DOORS/DWA product versions 9.7.x, install the fix pack 9.7.2.10.\n\nYou can download the fix pack for 9.7.2.10 from Fix Central."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Engineering Requirements Management DOORS weak authentication",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2024-43190",
    "datePublished": "2025-07-07T17:45:51.426Z",
    "dateReserved": "2024-08-07T13:29:48.159Z",
    "dateUpdated": "2025-08-24T11:31:35.546Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-50304 (GCVE-0-2023-50304)

Vulnerability from nvd – Published: 2024-07-18 16:01 – Updated: 2024-08-02 22:16
Title
IBM Engineering Requirements Management DOORS XML external entity injection
Summary
IBM Engineering Requirements Management DOORS Web Access 9.7.2.8 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 273335.
CWE
  • CWE-611 - Improper Restriction of XML External Entity Reference
Assigner
ibm
Impacted products
Vendor Product Version
IBM Engineering Requirements Management DOORS Affected: 9.7.2.8
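    cpe:2.3:a:ibm:engineering_requirements_management_doors:9.7.2.7:*:*:*:*:*:*:*
    Note: this CPE string names 9.7.2.7, while the affected version and the summary name 9.7.2.8 (and the summary refers to DOORS Web Access). CPE-based asset matching may therefore miss or mislabel affected installs; confirm the affected build against the vendor advisory.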

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-50304",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-23T14:41:09.585350Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-23T14:41:54.566Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:16:46.319Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/7160471"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/273335"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:engineering_requirements_management_doors:9.7.2.7:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Engineering Requirements Management DOORS",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.7.2.8"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM Engineering Requirements Management DOORS Web Access 9.7.2.8 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.  IBM X-Force ID:  273335."
            }
          ],
          "value": "IBM Engineering Requirements Management DOORS Web Access 9.7.2.8 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.  IBM X-Force ID:  273335."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-611",
              "description": "CWE-611 Improper Restriction of XML External Entity Reference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-18T16:01:38.174Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7160471"
        },
        {
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/273335"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Engineering Requirements Management DOORS XML external entity injection",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2023-50304",
    "datePublished": "2024-07-18T16:01:38.174Z",
    "dateReserved": "2023-12-07T01:28:46.423Z",
    "dateUpdated": "2024-08-02T22:16:46.319Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-28949 (GCVE-0-2023-28949)

Vulnerability from nvd – Published: 2024-03-01 01:47 – Updated: 2024-08-02 13:51
Title
IBM Engineering Requirements Management cross-site request forgery
Summary
IBM Engineering Requirements Management DOORS 9.7.2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 251216.
CWE
  • CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
ibm
Impacted products

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-28949",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-11T17:42:10.709028Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:22:47.318Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T13:51:38.903Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/7124058"
          },
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/251216"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Engineering Requirements Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.7.2.7"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM Engineering Requirements Management DOORS 9.7.2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.  IBM X-Force ID:  251216."
            }
          ],
          "value": "IBM Engineering Requirements Management DOORS 9.7.2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.  IBM X-Force ID:  251216."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-01T01:53:43.368Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7124058"
        },
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/251216"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Engineering Requirements Management cross-site request forgery",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2023-28949",
    "datePublished": "2024-03-01T01:47:15.207Z",
    "dateReserved": "2023-03-29T01:33:55.064Z",
    "dateUpdated": "2024-08-02T13:51:38.903Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-50305 (GCVE-0-2023-50305)

Vulnerability from nvd – Published: 2024-03-01 01:44 – Updated: 2024-08-02 22:16
Title
IBM Engineering Requirements Management information disclosure
Summary
IBM Engineering Requirements Management DOORS 9.7.2.7 does not require users to have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 273336.
CWE
  • CWE-521 - Weak Password Requirements
Assigner
ibm
Impacted products

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-50305",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-01T15:39:44.001928Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:22:05.832Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:16:46.041Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/7124058"
          },
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/273336"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Engineering Requirements Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.7.2.7"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM Engineering Requirements Management DOORS 9.7.2.7 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.  IBM X-Force ID:  273336."
            }
          ],
          "value": "IBM Engineering Requirements Management DOORS 9.7.2.7 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.  IBM X-Force ID:  273336."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-521",
              "description": "CWE-521 Weak Password Requirements",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-01T01:44:34.005Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7124058"
        },
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/273336"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Engineering Requirements Management information disclosure",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2023-50305",
    "datePublished": "2024-03-01T01:44:34.005Z",
    "dateReserved": "2023-12-07T01:28:46.423Z",
    "dateUpdated": "2024-08-02T22:16:46.041Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-28525 (GCVE-0-2023-28525)

Vulnerability from nvd – Published: 2024-03-01 01:41 – Updated: 2024-08-02 13:43
Title
IBM Engineering Requirements Management cross-site scripting
Summary
IBM Engineering Requirements Management 9.7.2.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 251052.
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
ibm
Impacted products

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-28525",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-14T19:42:21.681825Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:28:50.717Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T13:43:23.134Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/7124058"
          },
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/251052"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Engineering Requirements Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.7.2.7"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM Engineering Requirements Management 9.7.2.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.  IBM X-Force ID:  251052."
            }
          ],
          "value": "IBM Engineering Requirements Management 9.7.2.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.  IBM X-Force ID:  251052."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-01T01:41:48.557Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7124058"
        },
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/251052"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Engineering Requirements Management cross-site scripting",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2023-28525",
    "datePublished": "2024-03-01T01:41:48.557Z",
    "dateReserved": "2023-03-16T21:05:56.575Z",
    "dateUpdated": "2024-08-02T13:43:23.134Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-1457 (GCVE-0-2018-1457)

Vulnerability from nvd – Published: 2018-06-27 18:00 – Updated: 2024-09-16 16:58
Summary
An undisclosed vulnerability in IBM Rational DOORS 9.5.1 through 9.6.1.10 application allows an attacker to gain DOORS administrator privileges. IBM X-Force ID: 140208.
CWE
  • Bypass Security
Assigner
ibm
Impacted products
Vendor Product Version
IBM Rational DOORS Affected: 9.5.1
Affected: 9.5.1.1
Affected: 9.5.1.2
Affected: 9.5.2
Affected: 9.5.2.1
Affected: 9.6
Affected: 9.5.1.3
Affected: 9.5.1.4
Affected: 9.5.2.2
Affected: 9.5.2.3
Affected: 9.6.0.1
Affected: 9.6.0.2
Affected: 9.6.1
Affected: 9.6.1.1
Affected: 9.5.1.5
Affected: 9.5.2.4
Affected: 9.6.0.3
Affected: 9.6.1.2
Affected: 9.6.1.3
Affected: 9.6.1.4
Affected: 9.5.1.6
Affected: 9.5.2.5
Affected: 9.6.0.4
Affected: 9.5.1.7
Affected: 9.5.2.6
Affected: 9.6.0.5
Affected: 9.6.1.5
Affected: 9.6.1.6
Affected: 9.6.1.7
Affected: 9.5.1.8
Affected: 9.5.2.7
Affected: 9.6.0.6
Affected: 9.6.1.8
Affected: 9.6.1.9
Affected: 9.5.1.9
Affected: 9.5.2.8
Affected: 9.6.0.7
Affected: 9.6.1.10

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:59:39.070Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-doors-cve20181457-sec-bypass(140208)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140208"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22017436"
          },
          {
            "name": "104573",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104573"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational DOORS",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.5.1"
            },
            {
              "status": "affected",
              "version": "9.5.1.1"
            },
            {
              "status": "affected",
              "version": "9.5.1.2"
            },
            {
              "status": "affected",
              "version": "9.5.2"
            },
            {
              "status": "affected",
              "version": "9.5.2.1"
            },
            {
              "status": "affected",
              "version": "9.6"
            },
            {
              "status": "affected",
              "version": "9.5.1.3"
            },
            {
              "status": "affected",
              "version": "9.5.1.4"
            },
            {
              "status": "affected",
              "version": "9.5.2.2"
            },
            {
              "status": "affected",
              "version": "9.5.2.3"
            },
            {
              "status": "affected",
              "version": "9.6.0.1"
            },
            {
              "status": "affected",
              "version": "9.6.0.2"
            },
            {
              "status": "affected",
              "version": "9.6.1"
            },
            {
              "status": "affected",
              "version": "9.6.1.1"
            },
            {
              "status": "affected",
              "version": "9.5.1.5"
            },
            {
              "status": "affected",
              "version": "9.5.2.4"
            },
            {
              "status": "affected",
              "version": "9.6.0.3"
            },
            {
              "status": "affected",
              "version": "9.6.1.2"
            },
            {
              "status": "affected",
              "version": "9.6.1.3"
            },
            {
              "status": "affected",
              "version": "9.6.1.4"
            },
            {
              "status": "affected",
              "version": "9.5.1.6"
            },
            {
              "status": "affected",
              "version": "9.5.2.5"
            },
            {
              "status": "affected",
              "version": "9.6.0.4"
            },
            {
              "status": "affected",
              "version": "9.5.1.7"
            },
            {
              "status": "affected",
              "version": "9.5.2.6"
            },
            {
              "status": "affected",
              "version": "9.6.0.5"
            },
            {
              "status": "affected",
              "version": "9.6.1.5"
            },
            {
              "status": "affected",
              "version": "9.6.1.6"
            },
            {
              "status": "affected",
              "version": "9.6.1.7"
            },
            {
              "status": "affected",
              "version": "9.5.1.8"
            },
            {
              "status": "affected",
              "version": "9.5.2.7"
            },
            {
              "status": "affected",
              "version": "9.6.0.6"
            },
            {
              "status": "affected",
              "version": "9.6.1.8"
            },
            {
              "status": "affected",
              "version": "9.6.1.9"
            },
            {
              "status": "affected",
              "version": "9.5.1.9"
            },
            {
              "status": "affected",
              "version": "9.5.2.8"
            },
            {
              "status": "affected",
              "version": "9.6.0.7"
            },
            {
              "status": "affected",
              "version": "9.6.1.10"
            }
          ]
        }
      ],
      "datePublic": "2018-06-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An undisclosed vulnerability in IBM Rational DOORS 9.5.1 through 9.6.1.10 application allows an attacker to gain DOORS administrator privileges. IBM X-Force ID: 140208."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 7.1,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/A:H/AC:H/AV:N/C:H/I:H/PR:N/S:U/UI:N/E:U/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Bypass Security",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-06-29T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ibm-doors-cve20181457-sec-bypass(140208)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140208"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22017436"
        },
        {
          "name": "104573",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104573"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-06-21T00:00:00",
          "ID": "CVE-2018-1457",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational DOORS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.5.1"
                          },
                          {
                            "version_value": "9.5.1.1"
                          },
                          {
                            "version_value": "9.5.1.2"
                          },
                          {
                            "version_value": "9.5.2"
                          },
                          {
                            "version_value": "9.5.2.1"
                          },
                          {
                            "version_value": "9.6"
                          },
                          {
                            "version_value": "9.5.1.3"
                          },
                          {
                            "version_value": "9.5.1.4"
                          },
                          {
                            "version_value": "9.5.2.2"
                          },
                          {
                            "version_value": "9.5.2.3"
                          },
                          {
                            "version_value": "9.6.0.1"
                          },
                          {
                            "version_value": "9.6.0.2"
                          },
                          {
                            "version_value": "9.6.1"
                          },
                          {
                            "version_value": "9.6.1.1"
                          },
                          {
                            "version_value": "9.5.1.5"
                          },
                          {
                            "version_value": "9.5.2.4"
                          },
                          {
                            "version_value": "9.6.0.3"
                          },
                          {
                            "version_value": "9.6.1.2"
                          },
                          {
                            "version_value": "9.6.1.3"
                          },
                          {
                            "version_value": "9.6.1.4"
                          },
                          {
                            "version_value": "9.5.1.6"
                          },
                          {
                            "version_value": "9.5.2.5"
                          },
                          {
                            "version_value": "9.6.0.4"
                          },
                          {
                            "version_value": "9.5.1.7"
                          },
                          {
                            "version_value": "9.5.2.6"
                          },
                          {
                            "version_value": "9.6.0.5"
                          },
                          {
                            "version_value": "9.6.1.5"
                          },
                          {
                            "version_value": "9.6.1.6"
                          },
                          {
                            "version_value": "9.6.1.7"
                          },
                          {
                            "version_value": "9.5.1.8"
                          },
                          {
                            "version_value": "9.5.2.7"
                          },
                          {
                            "version_value": "9.6.0.6"
                          },
                          {
                            "version_value": "9.6.1.8"
                          },
                          {
                            "version_value": "9.6.1.9"
                          },
                          {
                            "version_value": "9.5.1.9"
                          },
                          {
                            "version_value": "9.5.2.8"
                          },
                          {
                            "version_value": "9.6.0.7"
                          },
                          {
                            "version_value": "9.6.1.10"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An undisclosed vulnerability in IBM Rational DOORS 9.5.1 through 9.6.1.10 application allows an attacker to gain DOORS administrator privileges. IBM X-Force ID: 140208."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "H",
              "AC": "H",
              "AV": "N",
              "C": "H",
              "I": "H",
              "PR": "N",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Bypass Security"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-doors-cve20181457-sec-bypass(140208)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/140208"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22017436",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22017436"
            },
            {
              "name": "104573",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104573"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2018-1457",
    "datePublished": "2018-06-27T18:00:00Z",
    "dateReserved": "2017-12-13T00:00:00",
    "dateUpdated": "2024-09-16T16:58:51.269Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1532 (GCVE-0-2017-1532)

Vulnerability from nvd – Published: 2018-01-26 21:00 – Updated: 2024-09-16 23:21
Summary
IBM DOORS 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130411.
Severity ?
No CVSS data available.
CWE
  • Cross-Site Scripting
Assigner
ibm
Impacted products
Vendor Product Version
IBM Rational DOORS Affected: 9.5
Affected: 9.5.0.1
Affected: 9.5.1
Affected: 9.5.1.1
Affected: 9.5.1.2
Affected: 9.5.2
Affected: 9.5.2.1
Affected: 9.6
Affected: 9.5.0.2
Affected: 9.5.0.3
Affected: 9.5.1.3
Affected: 9.5.1.4
Affected: 9.5.2.2
Affected: 9.5.2.3
Affected: 9.6.0.1
Affected: 9.6.0.2
Affected: 9.6.1
Affected: 9.6.1.1
Affected: 9.5.0.4
Affected: 9.5.1.5
Affected: 9.5.2.4
Affected: 9.6.0.3
Affected: 9.6.1.2
Affected: 9.6.1.3
Affected: 9.6.1.4
Affected: 9.5.0.5
Affected: 9.5.1.6
Affected: 9.5.2.5
Affected: 9.6.0.4
Affected: 9.5.0.6
Affected: 9.5.1.7
Affected: 9.5.2.6
Affected: 9.6.0.5
Affected: 9.6.1.5
Affected: 9.6.1.6
Affected: 9.6.1.7
Affected: 9.5.0.7
Affected: 9.5.1.8
Affected: 9.5.2.7
Affected: 9.6.0.6
Affected: 9.6.1.8
Affected: 9.6.1.9

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:32:29.935Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22012789"
          },
          {
            "name": "102888",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102888"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130411"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational DOORS",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.5"
            },
            {
              "status": "affected",
              "version": "9.5.0.1"
            },
            {
              "status": "affected",
              "version": "9.5.1"
            },
            {
              "status": "affected",
              "version": "9.5.1.1"
            },
            {
              "status": "affected",
              "version": "9.5.1.2"
            },
            {
              "status": "affected",
              "version": "9.5.2"
            },
            {
              "status": "affected",
              "version": "9.5.2.1"
            },
            {
              "status": "affected",
              "version": "9.6"
            },
            {
              "status": "affected",
              "version": "9.5.0.2"
            },
            {
              "status": "affected",
              "version": "9.5.0.3"
            },
            {
              "status": "affected",
              "version": "9.5.1.3"
            },
            {
              "status": "affected",
              "version": "9.5.1.4"
            },
            {
              "status": "affected",
              "version": "9.5.2.2"
            },
            {
              "status": "affected",
              "version": "9.5.2.3"
            },
            {
              "status": "affected",
              "version": "9.6.0.1"
            },
            {
              "status": "affected",
              "version": "9.6.0.2"
            },
            {
              "status": "affected",
              "version": "9.6.1"
            },
            {
              "status": "affected",
              "version": "9.6.1.1"
            },
            {
              "status": "affected",
              "version": "9.5.0.4"
            },
            {
              "status": "affected",
              "version": "9.5.1.5"
            },
            {
              "status": "affected",
              "version": "9.5.2.4"
            },
            {
              "status": "affected",
              "version": "9.6.0.3"
            },
            {
              "status": "affected",
              "version": "9.6.1.2"
            },
            {
              "status": "affected",
              "version": "9.6.1.3"
            },
            {
              "status": "affected",
              "version": "9.6.1.4"
            },
            {
              "status": "affected",
              "version": "9.5.0.5"
            },
            {
              "status": "affected",
              "version": "9.5.1.6"
            },
            {
              "status": "affected",
              "version": "9.5.2.5"
            },
            {
              "status": "affected",
              "version": "9.6.0.4"
            },
            {
              "status": "affected",
              "version": "9.5.0.6"
            },
            {
              "status": "affected",
              "version": "9.5.1.7"
            },
            {
              "status": "affected",
              "version": "9.5.2.6"
            },
            {
              "status": "affected",
              "version": "9.6.0.5"
            },
            {
              "status": "affected",
              "version": "9.6.1.5"
            },
            {
              "status": "affected",
              "version": "9.6.1.6"
            },
            {
              "status": "affected",
              "version": "9.6.1.7"
            },
            {
              "status": "affected",
              "version": "9.5.0.7"
            },
            {
              "status": "affected",
              "version": "9.5.1.8"
            },
            {
              "status": "affected",
              "version": "9.5.2.7"
            },
            {
              "status": "affected",
              "version": "9.6.0.6"
            },
            {
              "status": "affected",
              "version": "9.6.1.8"
            },
            {
              "status": "affected",
              "version": "9.6.1.9"
            }
          ]
        }
      ],
      "datePublic": "2018-01-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM DOORS 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130411."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-02T10:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22012789"
        },
        {
          "name": "102888",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102888"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130411"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-01-23T00:00:00",
          "ID": "CVE-2017-1532",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational DOORS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.5"
                          },
                          {
                            "version_value": "9.5.0.1"
                          },
                          {
                            "version_value": "9.5.1"
                          },
                          {
                            "version_value": "9.5.1.1"
                          },
                          {
                            "version_value": "9.5.1.2"
                          },
                          {
                            "version_value": "9.5.2"
                          },
                          {
                            "version_value": "9.5.2.1"
                          },
                          {
                            "version_value": "9.6"
                          },
                          {
                            "version_value": "9.5.0.2"
                          },
                          {
                            "version_value": "9.5.0.3"
                          },
                          {
                            "version_value": "9.5.1.3"
                          },
                          {
                            "version_value": "9.5.1.4"
                          },
                          {
                            "version_value": "9.5.2.2"
                          },
                          {
                            "version_value": "9.5.2.3"
                          },
                          {
                            "version_value": "9.6.0.1"
                          },
                          {
                            "version_value": "9.6.0.2"
                          },
                          {
                            "version_value": "9.6.1"
                          },
                          {
                            "version_value": "9.6.1.1"
                          },
                          {
                            "version_value": "9.5.0.4"
                          },
                          {
                            "version_value": "9.5.1.5"
                          },
                          {
                            "version_value": "9.5.2.4"
                          },
                          {
                            "version_value": "9.6.0.3"
                          },
                          {
                            "version_value": "9.6.1.2"
                          },
                          {
                            "version_value": "9.6.1.3"
                          },
                          {
                            "version_value": "9.6.1.4"
                          },
                          {
                            "version_value": "9.5.0.5"
                          },
                          {
                            "version_value": "9.5.1.6"
                          },
                          {
                            "version_value": "9.5.2.5"
                          },
                          {
                            "version_value": "9.6.0.4"
                          },
                          {
                            "version_value": "9.5.0.6"
                          },
                          {
                            "version_value": "9.5.1.7"
                          },
                          {
                            "version_value": "9.5.2.6"
                          },
                          {
                            "version_value": "9.6.0.5"
                          },
                          {
                            "version_value": "9.6.1.5"
                          },
                          {
                            "version_value": "9.6.1.6"
                          },
                          {
                            "version_value": "9.6.1.7"
                          },
                          {
                            "version_value": "9.5.0.7"
                          },
                          {
                            "version_value": "9.5.1.8"
                          },
                          {
                            "version_value": "9.5.2.7"
                          },
                          {
                            "version_value": "9.6.0.6"
                          },
                          {
                            "version_value": "9.6.1.8"
                          },
                          {
                            "version_value": "9.6.1.9"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM DOORS 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130411."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22012789",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22012789"
            },
            {
              "name": "102888",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102888"
            },
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130411",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130411"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1532",
    "datePublished": "2018-01-26T21:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-16T23:21:40.888Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1540 (GCVE-0-2017-1540)

Vulnerability from nvd – Published: 2018-01-26 21:00 – Updated: 2024-09-16 19:36
Summary
IBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130808.
Severity ?
No CVSS data available.
CWE
  • Cross-Site Scripting
Assigner
ibm
Impacted products
Vendor Product Version
IBM Rational DOORS Affected: 9.5
Affected: 9.5.0.1
Affected: 9.5.1
Affected: 9.5.1.1
Affected: 9.5.1.2
Affected: 9.5.2
Affected: 9.5.2.1
Affected: 9.6
Affected: 9.5.0.2
Affected: 9.5.0.3
Affected: 9.5.1.3
Affected: 9.5.1.4
Affected: 9.5.2.2
Affected: 9.5.2.3
Affected: 9.6.0.1
Affected: 9.6.0.2
Affected: 9.6.1
Affected: 9.6.1.1
Affected: 9.5.0.4
Affected: 9.5.1.5
Affected: 9.5.2.4
Affected: 9.6.0.3
Affected: 9.6.1.2
Affected: 9.6.1.3
Affected: 9.6.1.4
Affected: 9.5.0.5
Affected: 9.5.1.6
Affected: 9.5.2.5
Affected: 9.6.0.4
Affected: 9.5.0.6
Affected: 9.5.1.7
Affected: 9.5.2.6
Affected: 9.6.0.5
Affected: 9.6.1.5
Affected: 9.6.1.6
Affected: 9.6.1.7
Affected: 9.5.0.7
Affected: 9.5.1.8
Affected: 9.5.2.7
Affected: 9.6.0.6
Affected: 9.6.1.8
Affected: 9.6.1.9

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:32:29.645Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "102890",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102890"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22012789"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130808"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Rational DOORS",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.5"
            },
            {
              "status": "affected",
              "version": "9.5.0.1"
            },
            {
              "status": "affected",
              "version": "9.5.1"
            },
            {
              "status": "affected",
              "version": "9.5.1.1"
            },
            {
              "status": "affected",
              "version": "9.5.1.2"
            },
            {
              "status": "affected",
              "version": "9.5.2"
            },
            {
              "status": "affected",
              "version": "9.5.2.1"
            },
            {
              "status": "affected",
              "version": "9.6"
            },
            {
              "status": "affected",
              "version": "9.5.0.2"
            },
            {
              "status": "affected",
              "version": "9.5.0.3"
            },
            {
              "status": "affected",
              "version": "9.5.1.3"
            },
            {
              "status": "affected",
              "version": "9.5.1.4"
            },
            {
              "status": "affected",
              "version": "9.5.2.2"
            },
            {
              "status": "affected",
              "version": "9.5.2.3"
            },
            {
              "status": "affected",
              "version": "9.6.0.1"
            },
            {
              "status": "affected",
              "version": "9.6.0.2"
            },
            {
              "status": "affected",
              "version": "9.6.1"
            },
            {
              "status": "affected",
              "version": "9.6.1.1"
            },
            {
              "status": "affected",
              "version": "9.5.0.4"
            },
            {
              "status": "affected",
              "version": "9.5.1.5"
            },
            {
              "status": "affected",
              "version": "9.5.2.4"
            },
            {
              "status": "affected",
              "version": "9.6.0.3"
            },
            {
              "status": "affected",
              "version": "9.6.1.2"
            },
            {
              "status": "affected",
              "version": "9.6.1.3"
            },
            {
              "status": "affected",
              "version": "9.6.1.4"
            },
            {
              "status": "affected",
              "version": "9.5.0.5"
            },
            {
              "status": "affected",
              "version": "9.5.1.6"
            },
            {
              "status": "affected",
              "version": "9.5.2.5"
            },
            {
              "status": "affected",
              "version": "9.6.0.4"
            },
            {
              "status": "affected",
              "version": "9.5.0.6"
            },
            {
              "status": "affected",
              "version": "9.5.1.7"
            },
            {
              "status": "affected",
              "version": "9.5.2.6"
            },
            {
              "status": "affected",
              "version": "9.6.0.5"
            },
            {
              "status": "affected",
              "version": "9.6.1.5"
            },
            {
              "status": "affected",
              "version": "9.6.1.6"
            },
            {
              "status": "affected",
              "version": "9.6.1.7"
            },
            {
              "status": "affected",
              "version": "9.5.0.7"
            },
            {
              "status": "affected",
              "version": "9.5.1.8"
            },
            {
              "status": "affected",
              "version": "9.5.2.7"
            },
            {
              "status": "affected",
              "version": "9.6.0.6"
            },
            {
              "status": "affected",
              "version": "9.6.1.8"
            },
            {
              "status": "affected",
              "version": "9.6.1.9"
            }
          ]
        }
      ],
      "datePublic": "2018-01-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130808."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-02T10:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "102890",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102890"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22012789"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130808"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-01-23T00:00:00",
          "ID": "CVE-2017-1540",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Rational DOORS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.5"
                          },
                          {
                            "version_value": "9.5.0.1"
                          },
                          {
                            "version_value": "9.5.1"
                          },
                          {
                            "version_value": "9.5.1.1"
                          },
                          {
                            "version_value": "9.5.1.2"
                          },
                          {
                            "version_value": "9.5.2"
                          },
                          {
                            "version_value": "9.5.2.1"
                          },
                          {
                            "version_value": "9.6"
                          },
                          {
                            "version_value": "9.5.0.2"
                          },
                          {
                            "version_value": "9.5.0.3"
                          },
                          {
                            "version_value": "9.5.1.3"
                          },
                          {
                            "version_value": "9.5.1.4"
                          },
                          {
                            "version_value": "9.5.2.2"
                          },
                          {
                            "version_value": "9.5.2.3"
                          },
                          {
                            "version_value": "9.6.0.1"
                          },
                          {
                            "version_value": "9.6.0.2"
                          },
                          {
                            "version_value": "9.6.1"
                          },
                          {
                            "version_value": "9.6.1.1"
                          },
                          {
                            "version_value": "9.5.0.4"
                          },
                          {
                            "version_value": "9.5.1.5"
                          },
                          {
                            "version_value": "9.5.2.4"
                          },
                          {
                            "version_value": "9.6.0.3"
                          },
                          {
                            "version_value": "9.6.1.2"
                          },
                          {
                            "version_value": "9.6.1.3"
                          },
                          {
                            "version_value": "9.6.1.4"
                          },
                          {
                            "version_value": "9.5.0.5"
                          },
                          {
                            "version_value": "9.5.1.6"
                          },
                          {
                            "version_value": "9.5.2.5"
                          },
                          {
                            "version_value": "9.6.0.4"
                          },
                          {
                            "version_value": "9.5.0.6"
                          },
                          {
                            "version_value": "9.5.1.7"
                          },
                          {
                            "version_value": "9.5.2.6"
                          },
                          {
                            "version_value": "9.6.0.5"
                          },
                          {
                            "version_value": "9.6.1.5"
                          },
                          {
                            "version_value": "9.6.1.6"
                          },
                          {
                            "version_value": "9.6.1.7"
                          },
                          {
                            "version_value": "9.5.0.7"
                          },
                          {
                            "version_value": "9.5.1.8"
                          },
                          {
                            "version_value": "9.5.2.7"
                          },
                          {
                            "version_value": "9.6.0.6"
                          },
                          {
                            "version_value": "9.6.1.8"
                          },
                          {
                            "version_value": "9.6.1.9"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130808."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "102890",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102890"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22012789",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22012789"
            },
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130808",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130808"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1540",
    "datePublished": "2018-01-26T21:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-16T19:36:50.085Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}