"product:engineering_requirements_management_doors_next" CVE Search Results

Advanced Filters

CVE Vulnerabilities for "product:engineering_requirements_management_doors_next"

Showing 1-10 of 20 CVEs (filtered from 316,527 total)

CVE-2025-33096

IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user to cause a denial of service by uploading specially crafted files using uncontrolled recursion.

MEDIUM 6.5

EPSS 0.0%

10/12/2025

2025

CVE-2025-2140

IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to spoof email identity of the sender due to improper verification of source data.

MEDIUM 5.7

EPSS 0.0%

10/12/2025

2025

CVE-2025-2139

IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete reviews from other users due to client-side enforcement of server-side security.

LOW 3.5

EPSS 0.0%

10/12/2025

2025

CVE-2025-2138

IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete comments from other users due to client-side enforcement of server-side security.

LOW 3.5

EPSS 0.0%

10/12/2025

2025

CVE-2024-43169

IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a user to download a malicious file without verifying the integrity of the code.

HIGH 8.8

EPSS 0.0%

3/3/2025

2024

CVE-2024-41771

IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information.

HIGH 7.5

EPSS 0.1%

3/3/2025

2024

CVE-2024-41770

IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information.

HIGH 7.5

EPSS 0.1%

3/3/2025

2024

CVE-2021-20519

IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198441.

MEDIUM 5.4

EPSS 0.2%

4/12/2021

2021

CVE-2020-4965

IBM Jazz Team Server products use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192422.

HIGH 7.5

EPSS 0.1%

4/12/2021

2020

CVE-2020-4964

IBM Jazz Team Server products contain an undisclosed vulnerability that could allow an authenticated user to present a customized message on the application which could be used to phish other users. IBM X-Force ID: 192419.

MEDIUM 4.3

EPSS 0.2%

4/12/2021

2020

	Description				Year
CVE-2025-33096	IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user to cause a denial of service by uploading specially crafted files using uncontrolled recursion. IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user to cause a denial of service by uploading s... 6.50	6.5MEDIUM	0.0%Minimal	-	2025
CVE-2025-2140	IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to spoof email identity of the sender due to improper verification of source data. IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to spoof email identity of t... 5.70	5.7MEDIUM	0.0%Minimal	-	2025
CVE-2025-2139	IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete reviews from other users due to client-side enforcement of server-side security. IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete reviews from other... 3.50	3.5LOW	0.0%Minimal	-	2025
CVE-2025-2138	IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete comments from other users due to client-side enforcement of server-side security. IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete comments from ot... 3.50	3.5LOW	0.0%Minimal	-	2025
CVE-2024-43169	IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a user to download a malicious file without verifying the integrity of the code. IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a user to download a malicious file without verifying the integri... 8.80	8.8HIGH	0.0%Minimal	-	2024
CVE-2024-41771	IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information. IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose ... 7.50	7.5HIGH	0.1%Minimal	-	2024
CVE-2024-41770	IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information. IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose ... 7.50	7.5HIGH	0.1%Minimal	-	2024
CVE-2021-20519	IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198441. IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI... 5.40	5.4MEDIUM	0.2%Minimal	-	2021
CVE-2020-4965	IBM Jazz Team Server products use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192422. IBM Jazz Team Server products use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. ... 7.50	7.5HIGH	0.1%Minimal	-	2020
CVE-2020-4964	IBM Jazz Team Server products contain an undisclosed vulnerability that could allow an authenticated user to present a customized message on the application which could be used to phish other users. IBM X-Force ID: 192419. IBM Jazz Team Server products contain an undisclosed vulnerability that could allow an authenticated user to present a customized message on the appli... 4.30	4.3MEDIUM	0.2%Minimal	-	2020

Page 1 of 2