IBM DOORS Vulnerable to Cross-Site Request Forgery
CVE-2023-28949

6.5MEDIUM

Key Information:

Vendor: IBM
Status: Engineering Requirements Management
Vendor: CVE Published:; 1 March 2024

What is CVE-2023-28949?

IBM Engineering Requirements Management DOORS version 9.7.2.7 contains a vulnerability that allows cross-site request forgery (CSRF), exposing users to the risk of attackers executing unauthorized actions. This occurs when a trusted user interacts with a compromised website that sends harmful requests, leveraging their authenticated session within the application. The vulnerability emphasizes the need for additional security measures to mitigate risks associated with user interactions in web applications. For more details, consult the advisories from IBM's support and security platforms.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Engineering Requirements Management 9.7.2.7

References

https://www.ibm.com/support/pages/node/7124058

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/251216

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 1, 2024
Vulnerability Reserved
Mar 29, 2023

JSON

IBM

What is CVE-2023-28949?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.