IBM Engineering Requirements Management DOORS Next Vulnerable to XML External Entity Injection Attack
CVE-2023-45192
8.2HIGH
Key Information
- Vendor
- IBM
- Status
- Engineering Requirements Management Doors Next
- Vendor
- Published:
- 6 June 2024
Summary
IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 268758.
Affected Version(s)
Engineering Requirements Management DOORS Next = 7.0.2, 7.0.3
CVSS V3.1
Score:
8.2
Severity:
HIGH
Confidentiality:
HIGH
Integrity:
NONE
Availability:
LOW
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Timeline
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database