IBM Engineering Requirements Management DOORS Next Vulnerable to XML External Entity Injection Attack
CVE-2023-45192

8.2HIGH

Key Information:

Vendor: IBM
Status: Engineering Requirements Management Doors Next
Vendor: CVE Published:; 6 June 2024

Summary

The vulnerability in IBM Engineering Requirements Management DOORS Next versions 7.0.2 and 7.0.3 is related to XML External Entity Injection (XXE). This flaw allows a remote attacker to exploit the XML processing mechanism, which could lead to the exposure of sensitive information stored within the application. Additionally, this vulnerability could enable an attacker to consume memory resources, potentially leading to application unavailability. Organizations using the affected versions should consider applying patches or mitigations to protect against potential exploitation. For more information, refer to IBM's official advisory and the vulnerability database entry.

Affected Version(s)

Engineering Requirements Management DOORS Next 7.0.2, 7.0.3

References

https://www.ibm.com/support/pages/node/7156492

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/268758

vdb-entry

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 6, 2024
Vulnerability Reserved
Oct 5, 2023