IBM DOORS Vulnerable to Cross-Site Request Forgery
CVE-2023-28949

6.5MEDIUM

Key Information:

Vendor: IBM
Status: Engineering Requirements Management
Vendor: CVE Published:; 1 March 2024

Summary

IBM Engineering Requirements Management DOORS version 9.7.2.7 contains a vulnerability that allows cross-site request forgery (CSRF), exposing users to the risk of attackers executing unauthorized actions. This occurs when a trusted user interacts with a compromised website that sends harmful requests, leveraging their authenticated session within the application. The vulnerability emphasizes the need for additional security measures to mitigate risks associated with user interactions in web applications. For more details, consult the advisories from IBM's support and security platforms.

Affected Version(s)

Engineering Requirements Management 9.7.2.7

References

https://www.ibm.com/support/pages/node/7124058

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/251216

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 1, 2024
Vulnerability Reserved
Mar 29, 2023