IBM DOORS Web Access Vulnerable to XML External Entity Injection Attack
CVE-2023-50304
8.2 HIGH
Key Information:
- Vendor: IBM
- CVE Published: 18 July 2024
Summary
IBM Engineering Requirements Management DOORS Web Access version 9.7.2.8 is susceptible to an XML External Entity Injection (XXE) attack during the processing of XML data. This flaw can be leveraged by remote attackers to expose confidential information or exhaust memory resources, potentially leading to a disruption in service and data breaches. Organizations utilizing this product are encouraged to implement appropriate security measures to mitigate the risks associated with this vulnerability.
Affected Version(s)
Engineering Requirements Management DOORS 9.7.2.8
CVSS V3.1
- Score: 8.2
- Severity: HIGH
- Confidentiality: High
- Integrity: None
- Availability: High
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved