cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-41787,https://securityvulnerability.io/vulnerability/CVE-2024-41787,Remote Code Execution Vulnerability in IBM Engineering Requirements Management DOORS,"A vulnerability in IBM Engineering Requirements Management DOORS versions 7.0.2 and 7.0.3 allows attackers to bypass security restrictions due to a race condition. An attacker can exploit this issue by sending a specially crafted request, potentially leading to remote code execution, compromising the integrity and confidentiality of the system.",IBM,Engineering Requirements Management Doors Next,9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,false,false,false,,2025-01-10T13:18:51.866Z,146
CVE-2023-50304,https://securityvulnerability.io/vulnerability/CVE-2023-50304,IBM DOORS Web Access Vulnerable to XML External Entity Injection Attack,"IBM Engineering Requirements Management DOORS Web Access version 9.7.2.8 is susceptible to an XML External Entity Injection (XXE) attack during the processing of XML data. This flaw can be leveraged by remote attackers to expose confidential information or exhaust memory resources, potentially leading to a disruption in service and data breaches. Organizations utilizing this product are encouraged to implement appropriate security measures to mitigate the risks associated with this vulnerability.",IBM,Engineering Requirements Management Doors,8.2,HIGH,0.0007600000244565308,false,,false,false,false,,,false,false,,2024-07-18T16:01:38.174Z,0
CVE-2023-45192,https://securityvulnerability.io/vulnerability/CVE-2023-45192,IBM Engineering Requirements Management DOORS Next Vulnerable to XML External Entity Injection Attack,"The vulnerability in IBM Engineering Requirements Management DOORS Next versions 7.0.2 and 7.0.3 is related to XML External Entity Injection (XXE). This flaw allows a remote attacker to exploit the XML processing mechanism, which could lead to the exposure of sensitive information stored within the application. Additionally, this vulnerability could enable an attacker to consume memory resources, potentially leading to application unavailability. Organizations using the affected versions should consider applying patches or mitigations to protect against potential exploitation. For more information, refer to IBM's official advisory and the vulnerability database entry.",IBM,Engineering Requirements Management Doors Next,8.2,HIGH,0.0007600000244565308,false,,false,false,false,,,false,false,,2024-06-06T18:49:05.734Z,0
CVE-2023-28949,https://securityvulnerability.io/vulnerability/CVE-2023-28949,IBM DOORS Vulnerable to Cross-Site Request Forgery,"IBM Engineering Requirements Management DOORS version 9.7.2.7 contains a vulnerability that allows cross-site request forgery (CSRF), exposing users to the risk of attackers executing unauthorized actions. This occurs when a trusted user interacts with a compromised website that sends harmful requests, leveraging their authenticated session within the application. The vulnerability emphasizes the need for additional security measures to mitigate risks associated with user interactions in web applications. For more details, consult the advisories from IBM's support and security platforms.",IBM,Engineering Requirements Management,6.5,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-03-01T01:47:15.207Z,0
CVE-2023-50305,https://securityvulnerability.io/vulnerability/CVE-2023-50305,Weak Passwords Put IBM DOORS Users at Risk of Compromise,"IBM Engineering Requirements Management DOORS 9.7.2.7 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 273336.",IBM,Engineering Requirements Management,5.1,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-03-01T01:44:34.005Z,0
CVE-2023-28525,https://securityvulnerability.io/vulnerability/CVE-2023-28525,IBM Engineering Requirements Management vulnerable to Cross-Site Scripting,"IBM Engineering Requirements Management 9.7.2.7 is susceptible to cross-site scripting, which enables users to inject arbitrary JavaScript code into the Web UI. This exploitation can modify the intended functionality of the user interface, posing a risk of credentials disclosure within a trusted session. As a result, attackers can potentially access confidential information during authenticated user sessions.",IBM,Engineering Requirements Management,4.8,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-03-01T01:41:48.557Z,0
CVE-2014-3092,https://securityvulnerability.io/vulnerability/CVE-2014-3092,,"IBM Jazz Team Server, as used in Rational Collaborative Lifecycle Management; Rational Quality Manager 3.x before 3.0.1.6 iFix 3, 4.x before 4.0.7, and 5.x before 5.0.1; and other Rational products, does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.",IBM,"Rational Engineering Lifecycle Manager,Rational Requirements Composer,Rational Software Architect Design Manager,Rational Quality Manager,Rational Team Concert,Rational Rhapsody Design Manager,Rational Doors Next Generation",,,0.001769999973475933,false,,false,false,false,,,false,false,,2014-09-12T01:00:00.000Z,0