Engineering Requirements Management Doors Next

engineering_requirements_management_doors_next

Vendor: Ibm • 21 CVEs

CVEs (21)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-13734 1Ibm 1Engineering Requirements Management Doors Next Mar 4, 2026 Mar 3, 2026 N/A· v4 5.4 MEDIUM· v3 N/A· v2 IBM Engineering Requirements Management DOORS Next 7.1, and 7.2 could allow an authenticated user to view and edit data beyond their authorized access permissions.
CVE-2025-33096 1Ibm 1Engineering Requirements Management Doors Next Oct 16, 2025 Oct 12, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user to cause a denial of service by uploading specially crafted files using uncontrolled recursion.
CVE-2025-2140 1Ibm 1Engineering Requirements Management Doors Next Oct 16, 2025 Oct 12, 2025 N/A· v4 5.7 MEDIUM· v3 N/A· v2 IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to spoof email identity of the sender due to improper verification of source data.
CVE-2025-2139 1Ibm 1Engineering Requirements Management Doors Next Oct 16, 2025 Oct 12, 2025 N/A· v4 3.5 LOW· v3 N/A· v2 IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete reviews from other users due to client-side enforcement of server-side security.
CVE-2025-2138 1Ibm 1Engineering Requirements Management Doors Next Oct 16, 2025 Oct 12, 2025 N/A· v4 3.5 LOW· v3 N/A· v2 IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete comments from other users due to client-side enforcement of server-side security.
CVE-2024-43169 1Ibm 1Engineering Requirements Management Doors Next Mar 7, 2025 Mar 3, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a user to download a malicious file without verifying the integrity of the code.
CVE-2024-41771 1Ibm 1Engineering Requirements Management Doors Next Mar 7, 2025 Mar 3, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information.
CVE-2024-41770 1Ibm 1Engineering Requirements Management Doors Next Mar 7, 2025 Mar 3, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information.
CVE-2021-20519 1Ibm 12Collaborative Lifecycle Management Doors NextEngineering Insights+9 more Nov 21, 2024 Apr 12, 2021 N/A· v4 5.4 MEDIUM· v3 4.3 MEDIUM· v2 IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to crede...Show more IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198441.Show less
CVE-2020-4965 1Ibm 12Collaborative Lifecycle Management Doors NextEngineering Insights+9 more Nov 21, 2024 Apr 12, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 IBM Jazz Team Server products use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192422.
CVE-2020-4964 1Ibm 12Collaborative Lifecycle Management Doors NextEngineering Insights+9 more Nov 21, 2024 Apr 12, 2021 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 IBM Jazz Team Server products contain an undisclosed vulnerability that could allow an authenticated user to present a customized message on the application which could be used to phish other users. IBM X-Force ID: 19241...Show more IBM Jazz Team Server products contain an undisclosed vulnerability that could allow an authenticated user to present a customized message on the application which could be used to phish other users. IBM X-Force ID: 192419.Show less
CVE-2020-4920 1Ibm 12Collaborative Lifecycle Management Doors NextEngineering Insights+9 more Nov 21, 2024 Apr 12, 2021 N/A· v4 5.4 MEDIUM· v3 4.3 MEDIUM· v2 IBM Jazz Team Server products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading t...Show more IBM Jazz Team Server products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191396.Show less
CVE-2021-20357 1Ibm 11Collaborative Lifecycle Management Engineering InsightsEngineering Lifecycle Management+8 more Nov 21, 2024 Jan 27, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credent...Show more IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194963.Show less
CVE-2020-4865 1Ibm 11Collaborative Lifecycle Management Engineering InsightsEngineering Lifecycle Management+8 more Nov 21, 2024 Jan 27, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credent...Show more IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190741.Show less
CVE-2020-4855 1Ibm 11Collaborative Lifecycle Management Engineering InsightsEngineering Lifecycle Management+8 more Nov 21, 2024 Jan 27, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credent...Show more IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190457.Show less
CVE-2020-4547 1Ibm 11Collaborative Lifecycle Management Engineering InsightsEngineering Lifecycle Management+8 more Nov 21, 2024 Jan 27, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 IBM Jazz Foundation products could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack t...Show more IBM Jazz Foundation products could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 183315.Show less
CVE-2020-4524 1Ibm 11Collaborative Lifecycle Management Engineering InsightsEngineering Lifecycle Management+8 more Nov 21, 2024 Jan 27, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credent...Show more IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182434.Show less
CVE-2020-4546 1Ibm 10Doors Next Engineering Requirements Management Doors NextEngineering Test Management+7 more Nov 21, 2024 Sep 2, 2020 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leadin...Show more IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 183314.Show less
CVE-2020-4522 1Ibm 10Doors Next Engineering Requirements Management Doors NextEngineering Test Management+7 more Nov 21, 2024 Sep 2, 2020 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leadin...Show more IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182397.Show less
CVE-2020-4445 1Ibm 10Doors Next Engineering Requirements Management Doors NextEngineering Test Management+7 more Nov 21, 2024 Sep 2, 2020 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leadin...Show more IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 181122.Show less

12 Next