Search

Find a vulnerability

Search criteria

    20 vulnerabilities found for Engineering Requirements Management DOORS Next by IBM

    CVE-2025-13734 (GCVE-0-2025-13734)

    Vulnerability from nvd – Published: 2026-03-03 19:51 – Updated: 2026-03-04 21:15
    VLAI
    Title
    IBM Engineering Requirements Management DOORS Next could allow an authenticated user to access and modify data beyond authorized permissions
    Summary
    IBM Engineering Requirements Management DOORS Next 7.1, and 7.2 could allow an authenticated user to view and edit data beyond their authorized access permissions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7261900 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Engineering Requirements Management DOORS Next Affected: 7.1 , ≤ rage Scale 5.2.3.0 - 5.2.3.5 (semver)
    Affected: 7.2 , ≤ rage Scale 6.0.0.0 - 6.0.0.1 (semver)
        cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Acknowledgement The vulnerability was reported to IBM by: Peter Backlund, Hunter Dyer, Todd Fine, Gary Huang, Dorota Kopczyk, Charles Nove, Addison Shuppy, George Thompson, Sandia National Laboratories
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13734",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-04T21:14:33.587080Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-04T21:15:13.629Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.2.0:*:*:*:*:*:*:*"
              ],
              "product": "Engineering Requirements Management DOORS Next",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "rage Scale 5.2.3.0 - 5.2.3.5",
                  "status": "affected",
                  "version": "7.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "rage Scale 6.0.0.0 - 6.0.0.1",
                  "status": "affected",
                  "version": "7.2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Acknowledgement The vulnerability was reported to IBM by: Peter Backlund, Hunter Dyer, Todd Fine, Gary Huang, Dorota Kopczyk, Charles Nove, Addison Shuppy, George Thompson, Sandia National Laboratories"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Engineering Requirements Management DOORS Next 7.1, and 7.2 could allow an authenticated user to view and edit data beyond their authorized access permissions.\u003c/p\u003e"
                }
              ],
              "value": "IBM Engineering Requirements Management DOORS Next 7.1, and 7.2 could allow an authenticated user to view and edit data beyond their authorized access permissions."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-03T19:51:48.142Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7261900"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerabilities now by taking the actions documented in this bulletin. For IBM Engineering Requirements Management DOORS Next 7.1, install ifix 08 or newer. For IBM Engineering Requirements Management DOORS Next 7.2, install ifix 01 or newer.\u003c/p\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerabilities now by taking the actions documented in this bulletin. For IBM Engineering Requirements Management DOORS Next 7.1, install ifix 08 or newer. For IBM Engineering Requirements Management DOORS Next 7.2, install ifix 01 or newer."
            }
          ],
          "title": "IBM Engineering Requirements Management DOORS Next could allow an authenticated user to access and modify data beyond authorized permissions",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-13734",
        "datePublished": "2026-03-03T19:51:48.142Z",
        "dateReserved": "2025-11-26T02:11:54.076Z",
        "dateUpdated": "2026-03-04T21:15:13.629Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-33096 (GCVE-0-2025-33096)

    Vulnerability from nvd – Published: 2025-10-12 13:31 – Updated: 2025-10-14 15:26
    VLAI
    Title
    IBM Engineering Requirements Management Doors Next denial of service
    Summary
    IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user to cause a denial of service by uploading specially crafted files using uncontrolled recursion.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7247716 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Engineering Requirements Management Doors Next Affected: 7.0.2
    Affected: 7.0.3
    Affected: 7.1
        cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-33096",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-14T15:25:52.689448Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-14T15:26:02.178Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Engineering Requirements Management Doors Next",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0.2"
                },
                {
                  "status": "affected",
                  "version": "7.0.3"
                },
                {
                  "status": "affected",
                  "version": "7.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user to cause a denial of service by uploading specially crafted files using uncontrolled recursion."
                }
              ],
              "value": "IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user to cause a denial of service by uploading specially crafted files using uncontrolled recursion."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-674",
                  "description": "CWE-674 Uncontrolled Recursion",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-12T13:33:41.404Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7247716"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "For IBM Engineering Requirements Management DOORS Next 7.0.2, install ifix 36.\u003cbr\u003e\u003cbr\u003eFor IBM Engineering Requirements Management DOORS Next 7.0.3, install ifix 19 or newer.\u003cbr\u003e\u003cbr\u003eFor IBM Engineering Requirements Management DOORS Next 7.1.0, install ifix 05 or newer.\u003cbr\u003e"
                }
              ],
              "value": "For IBM Engineering Requirements Management DOORS Next 7.0.2, install ifix 36.\n\nFor IBM Engineering Requirements Management DOORS Next 7.0.3, install ifix 19 or newer.\n\nFor IBM Engineering Requirements Management DOORS Next 7.1.0, install ifix 05 or newer."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Engineering Requirements Management Doors Next denial of service",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-33096",
        "datePublished": "2025-10-12T13:31:04.723Z",
        "dateReserved": "2025-04-15T17:50:40.773Z",
        "dateUpdated": "2025-10-14T15:26:02.178Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-2140 (GCVE-0-2025-2140)

    Vulnerability from nvd – Published: 2025-10-12 13:33 – Updated: 2025-10-14 14:53
    VLAI
    Title
    IBM Engineering Requirements Management Doors Next spoofing
    Summary
    IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to spoof email identity of the sender due to improper verification of source data.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-346 - Origin Validation Error
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7247716 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Engineering Requirements Management Doors Next Affected: 7.0.2
    Affected: 7.0.3
    Affected: 7.1
        cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2140",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-14T14:48:48.146508Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-14T14:53:08.219Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Engineering Requirements Management Doors Next",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0.2"
                },
                {
                  "status": "affected",
                  "version": "7.0.3"
                },
                {
                  "status": "affected",
                  "version": "7.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to spoof email identity of the sender due to improper verification of source data."
                }
              ],
              "value": "IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to spoof email identity of the sender due to improper verification of source data."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-346",
                  "description": "CWE-346 Origin Validation Error",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-12T13:33:22.545Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7247716"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "For IBM Engineering Requirements Management DOORS Next 7.0.2, install ifix 36.\u003cbr\u003e\u003cbr\u003eFor IBM Engineering Requirements Management DOORS Next 7.0.3, install ifix 19 or newer.\u003cbr\u003e\u003cbr\u003eFor IBM Engineering Requirements Management DOORS Next 7.1.0, install ifix 05 or newer.\u003cbr\u003e"
                }
              ],
              "value": "For IBM Engineering Requirements Management DOORS Next 7.0.2, install ifix 36.\n\nFor IBM Engineering Requirements Management DOORS Next 7.0.3, install ifix 19 or newer.\n\nFor IBM Engineering Requirements Management DOORS Next 7.1.0, install ifix 05 or newer."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Engineering Requirements Management Doors Next spoofing",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-2140",
        "datePublished": "2025-10-12T13:33:22.545Z",
        "dateReserved": "2025-03-10T01:10:33.257Z",
        "dateUpdated": "2025-10-14T14:53:08.219Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-2139 (GCVE-0-2025-2139)

    Vulnerability from nvd – Published: 2025-10-12 13:35 – Updated: 2025-10-14 14:48
    VLAI
    Title
    IBM Engineering Requirements Management Doors Next security bypass
    Summary
    IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete reviews from other users due to client-side enforcement of server-side security.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-602 - Client-Side Enforcement of Server-Side Security
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7247716 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Engineering Requirements Management Doors Next Affected: 7.0.2
    Affected: 7.0.3
    Affected: 7.1
        cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2139",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-14T14:48:10.331080Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-14T14:48:18.322Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Engineering Requirements Management Doors Next",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0.2"
                },
                {
                  "status": "affected",
                  "version": "7.0.3"
                },
                {
                  "status": "affected",
                  "version": "7.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete reviews from other users due to client-side enforcement of server-side security."
                }
              ],
              "value": "IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete reviews from other users due to client-side enforcement of server-side security."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-602",
                  "description": "CWE-602 Client-Side Enforcement of Server-Side Security",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-12T13:35:24.921Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7247716"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "For IBM Engineering Requirements Management DOORS Next 7.0.2, install ifix 36.\u003cbr\u003e\u003cbr\u003eFor IBM Engineering Requirements Management DOORS Next 7.0.3, install ifix 19 or newer.\u003cbr\u003e\u003cbr\u003eFor IBM Engineering Requirements Management DOORS Next 7.1.0, install ifix 05 or newer.\u003cbr\u003e"
                }
              ],
              "value": "For IBM Engineering Requirements Management DOORS Next 7.0.2, install ifix 36.\n\nFor IBM Engineering Requirements Management DOORS Next 7.0.3, install ifix 19 or newer.\n\nFor IBM Engineering Requirements Management DOORS Next 7.1.0, install ifix 05 or newer."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Engineering Requirements Management Doors Next security bypass",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-2139",
        "datePublished": "2025-10-12T13:35:24.921Z",
        "dateReserved": "2025-03-10T01:10:32.275Z",
        "dateUpdated": "2025-10-14T14:48:18.322Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-2138 (GCVE-0-2025-2138)

    Vulnerability from nvd – Published: 2025-10-12 13:37 – Updated: 2025-10-14 15:10
    VLAI
    Title
    IBM Engineering Requirements Management Doors Next data modification
    Summary
    IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete comments from other users due to client-side enforcement of server-side security.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-602 - Client-Side Enforcement of Server-Side Security
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7247716 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Engineering Requirements Management Doors Next Affected: 7.0.2
    Affected: 7.0.3
    Affected: 7.1
        cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2138",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-14T15:10:41.254195Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-14T15:10:47.518Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Engineering Requirements Management Doors Next",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0.2"
                },
                {
                  "status": "affected",
                  "version": "7.0.3"
                },
                {
                  "status": "affected",
                  "version": "7.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecould allow an authenticated user on the network to delete comments from other users due to client-side enforcement of server-side security.\u003c/span\u003e"
                }
              ],
              "value": "IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 \n\ncould allow an authenticated user on the network to delete comments from other users due to client-side enforcement of server-side security."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-602",
                  "description": "CWE-602 Client-Side Enforcement of Server-Side Security",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-12T13:37:02.296Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7247716"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "For IBM Engineering Requirements Management DOORS Next 7.0.2, install ifix 36.\u003cbr\u003e\u003cbr\u003eFor IBM Engineering Requirements Management DOORS Next 7.0.3, install ifix 19 or newer.\u003cbr\u003e\u003cbr\u003eFor IBM Engineering Requirements Management DOORS Next 7.1.0, install ifix 05 or newer.\u003cbr\u003e"
                }
              ],
              "value": "For IBM Engineering Requirements Management DOORS Next 7.0.2, install ifix 36.\n\nFor IBM Engineering Requirements Management DOORS Next 7.0.3, install ifix 19 or newer.\n\nFor IBM Engineering Requirements Management DOORS Next 7.1.0, install ifix 05 or newer."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Engineering Requirements Management Doors Next data modification",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-2138",
        "datePublished": "2025-10-12T13:37:02.296Z",
        "dateReserved": "2025-03-10T01:10:31.239Z",
        "dateUpdated": "2025-10-14T15:10:47.518Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-43169 (GCVE-0-2024-43169)

    Vulnerability from nvd – Published: 2025-03-03 15:27 – Updated: 2026-02-26 19:09
    VLAI
    Title
    IBM Engineering Requirements Management DOORS Next file download
    Summary
    IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a user to download a malicious file without verifying the integrity of the code.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-494 - Download of Code Without Integrity Check
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7184506 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Engineering Requirements Management DOORS Next Affected: 7.0.2
    Affected: 7.0.3
    Affected: 7.1
        cpe:2.3:a:ibm:engineering_requirements_management_doors:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:engineering_requirements_management_doors:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:engineering_requirements_management_doors:7.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-43169",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-07T04:55:46.708895Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T19:09:47.716Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:engineering_requirements_management_doors:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:engineering_requirements_management_doors:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:engineering_requirements_management_doors:7.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Engineering Requirements Management DOORS Next",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0.2"
                },
                {
                  "status": "affected",
                  "version": "7.0.3"
                },
                {
                  "status": "affected",
                  "version": "7.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a user to download a malicious file without verifying the integrity of the code."
                }
              ],
              "value": "IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a user to download a malicious file without verifying the integrity of the code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-494",
                  "description": "CWE-494 Download of Code Without Integrity Check",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-01T01:10:55.594Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7184506"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Engineering Requirements Management DOORS Next file download",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-43169",
        "datePublished": "2025-03-03T15:27:29.620Z",
        "dateReserved": "2024-08-07T13:29:17.951Z",
        "dateUpdated": "2026-02-26T19:09:47.716Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-41771 (GCVE-0-2024-41771)

    Vulnerability from nvd – Published: 2025-03-03 15:29 – Updated: 2025-09-01 01:11
    VLAI
    Title
    IBM Engineering Requirements Management DOORS Next information disclosure
    Summary
    IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-522 - Insufficiently Protected Credentials
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7184663 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Engineering Requirements Management DOORS Next Affected: 7.0.2
    Affected: 7.0.3
    Affected: 7.1
        cpe:2.3:a:ibm:engineering_requirements_management_doors:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:engineering_requirements_management_doors:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:engineering_requirements_management_doors:7.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-41771",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-04T19:00:56.359534Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-04T19:01:10.858Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:engineering_requirements_management_doors:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:engineering_requirements_management_doors:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:engineering_requirements_management_doors:7.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Engineering Requirements Management DOORS Next",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0.2"
                },
                {
                  "status": "affected",
                  "version": "7.0.3"
                },
                {
                  "status": "affected",
                  "version": "7.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information."
                }
              ],
              "value": "IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-522",
                  "description": "CWE-522 Insufficiently Protected Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-01T01:11:58.234Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7184663"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Engineering Requirements Management DOORS Next information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-41771",
        "datePublished": "2025-03-03T15:29:14.503Z",
        "dateReserved": "2024-07-22T12:02:59.128Z",
        "dateUpdated": "2025-09-01T01:11:58.234Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-41770 (GCVE-0-2024-41770)

    Vulnerability from nvd – Published: 2025-03-03 15:28 – Updated: 2025-09-01 01:11
    VLAI
    Title
    IBM Engineering Requirements Management DOORS Next information disclosure
    Summary
    IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-522 - Insufficiently Protected Credentials
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7184663 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Engineering Requirements Management DOORS Next Affected: 7.0.2
    Affected: 7.0.3
    Affected: 7.1
        cpe:2.3:a:ibm:engineering_requirements_management_doors:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:engineering_requirements_management_doors:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:engineering_requirements_management_doors:7.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-41770",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-04T19:05:34.410184Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-04T19:05:46.401Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:engineering_requirements_management_doors:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:engineering_requirements_management_doors:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:engineering_requirements_management_doors:7.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Engineering Requirements Management DOORS Next",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0.2"
                },
                {
                  "status": "affected",
                  "version": "7.0.3"
                },
                {
                  "status": "affected",
                  "version": "7.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information."
                }
              ],
              "value": "IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-522",
                  "description": "CWE-522 Insufficiently Protected Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-01T01:11:25.136Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7184663"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Engineering Requirements Management DOORS Next information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-41770",
        "datePublished": "2025-03-03T15:28:57.065Z",
        "dateReserved": "2024-07-22T12:02:59.128Z",
        "dateUpdated": "2025-09-01T01:11:25.136Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-41787 (GCVE-0-2024-41787)

    Vulnerability from nvd – Published: 2025-01-10 13:18 – Updated: 2025-01-10 14:48
    VLAI
    Title
    IBM Engineering Requirements Management DOORS Next code execution
    Summary
    IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition. By sending a specially crafted request, an attacker could exploit this vulnerability to remotely execute code.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Engineering Requirements Management DOORS Next Affected: 7.0.2, 7.0.3
        cpe:2.3:a:ibm:engineering_requirements_management_doors:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:engineering_requirements_management_doors:7.0.3:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-41787",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-10T14:48:17.937916Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-10T14:48:26.216Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:engineering_requirements_management_doors:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:engineering_requirements_management_doors:7.0.3:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Engineering Requirements Management DOORS Next",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0.2, 7.0.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition. By sending a specially crafted request, an attacker could exploit this vulnerability to remotely execute code.\u003c/span\u003e"
                }
              ],
              "value": "IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition. By sending a specially crafted request, an attacker could exploit this vulnerability to remotely execute code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-367",
                  "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-10T13:18:51.866Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "url": "https://www.ibm.com/support/pages/node/7180636"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Engineering Requirements Management DOORS Next code execution",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-41787",
        "datePublished": "2025-01-10T13:18:51.866Z",
        "dateReserved": "2024-07-22T12:03:08.192Z",
        "dateUpdated": "2025-01-10T14:48:26.216Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-45192 (GCVE-0-2023-45192)

    Vulnerability from nvd – Published: 2024-06-06 18:49 – Updated: 2024-08-02 20:14
    VLAI
    Title
    IBM Engineering Requirements Management DOORS Next XML external entity injection
    Summary
    IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 268758.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-611 - Improper Restriction of XML External Entity Reference
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM Engineering Requirements Management DOORS Next Affected: 7.0.2, 7.0.3
        cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0.3:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-45192",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-07T18:40:50.872862Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-07T18:44:29.770Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:14:19.734Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/7156492"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/268758"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0.3:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Engineering Requirements Management DOORS Next",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0.2, 7.0.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.  IBM X-Force ID:  268758."
                }
              ],
              "value": "IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.  IBM X-Force ID:  268758."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-611",
                  "description": "CWE-611 Improper Restriction of XML External Entity Reference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-06T18:49:05.734Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7156492"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/268758"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Engineering Requirements Management DOORS Next XML external entity injection",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-45192",
        "datePublished": "2024-06-06T18:49:05.734Z",
        "dateReserved": "2023-10-05T01:39:10.397Z",
        "dateUpdated": "2024-08-02T20:14:19.734Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-13734 (GCVE-0-2025-13734)

    Vulnerability from cvelistv5 – Published: 2026-03-03 19:51 – Updated: 2026-03-04 21:15
    VLAI
    Title
    IBM Engineering Requirements Management DOORS Next could allow an authenticated user to access and modify data beyond authorized permissions
    Summary
    IBM Engineering Requirements Management DOORS Next 7.1, and 7.2 could allow an authenticated user to view and edit data beyond their authorized access permissions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7261900 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Engineering Requirements Management DOORS Next Affected: 7.1 , ≤ rage Scale 5.2.3.0 - 5.2.3.5 (semver)
    Affected: 7.2 , ≤ rage Scale 6.0.0.0 - 6.0.0.1 (semver)
        cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.2.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Acknowledgement The vulnerability was reported to IBM by: Peter Backlund, Hunter Dyer, Todd Fine, Gary Huang, Dorota Kopczyk, Charles Nove, Addison Shuppy, George Thompson, Sandia National Laboratories
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13734",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-04T21:14:33.587080Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-04T21:15:13.629Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.2.0:*:*:*:*:*:*:*"
              ],
              "product": "Engineering Requirements Management DOORS Next",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "rage Scale 5.2.3.0 - 5.2.3.5",
                  "status": "affected",
                  "version": "7.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "rage Scale 6.0.0.0 - 6.0.0.1",
                  "status": "affected",
                  "version": "7.2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Acknowledgement The vulnerability was reported to IBM by: Peter Backlund, Hunter Dyer, Todd Fine, Gary Huang, Dorota Kopczyk, Charles Nove, Addison Shuppy, George Thompson, Sandia National Laboratories"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Engineering Requirements Management DOORS Next 7.1, and 7.2 could allow an authenticated user to view and edit data beyond their authorized access permissions.\u003c/p\u003e"
                }
              ],
              "value": "IBM Engineering Requirements Management DOORS Next 7.1, and 7.2 could allow an authenticated user to view and edit data beyond their authorized access permissions."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-03T19:51:48.142Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7261900"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerabilities now by taking the actions documented in this bulletin. For IBM Engineering Requirements Management DOORS Next 7.1, install ifix 08 or newer. For IBM Engineering Requirements Management DOORS Next 7.2, install ifix 01 or newer.\u003c/p\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerabilities now by taking the actions documented in this bulletin. For IBM Engineering Requirements Management DOORS Next 7.1, install ifix 08 or newer. For IBM Engineering Requirements Management DOORS Next 7.2, install ifix 01 or newer."
            }
          ],
          "title": "IBM Engineering Requirements Management DOORS Next could allow an authenticated user to access and modify data beyond authorized permissions",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-13734",
        "datePublished": "2026-03-03T19:51:48.142Z",
        "dateReserved": "2025-11-26T02:11:54.076Z",
        "dateUpdated": "2026-03-04T21:15:13.629Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-2138 (GCVE-0-2025-2138)

    Vulnerability from cvelistv5 – Published: 2025-10-12 13:37 – Updated: 2025-10-14 15:10
    VLAI
    Title
    IBM Engineering Requirements Management Doors Next data modification
    Summary
    IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete comments from other users due to client-side enforcement of server-side security.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-602 - Client-Side Enforcement of Server-Side Security
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7247716 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Engineering Requirements Management Doors Next Affected: 7.0.2
    Affected: 7.0.3
    Affected: 7.1
        cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2138",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-14T15:10:41.254195Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-14T15:10:47.518Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Engineering Requirements Management Doors Next",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0.2"
                },
                {
                  "status": "affected",
                  "version": "7.0.3"
                },
                {
                  "status": "affected",
                  "version": "7.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecould allow an authenticated user on the network to delete comments from other users due to client-side enforcement of server-side security.\u003c/span\u003e"
                }
              ],
              "value": "IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 \n\ncould allow an authenticated user on the network to delete comments from other users due to client-side enforcement of server-side security."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-602",
                  "description": "CWE-602 Client-Side Enforcement of Server-Side Security",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-12T13:37:02.296Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7247716"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "For IBM Engineering Requirements Management DOORS Next 7.0.2, install ifix 36.\u003cbr\u003e\u003cbr\u003eFor IBM Engineering Requirements Management DOORS Next 7.0.3, install ifix 19 or newer.\u003cbr\u003e\u003cbr\u003eFor IBM Engineering Requirements Management DOORS Next 7.1.0, install ifix 05 or newer.\u003cbr\u003e"
                }
              ],
              "value": "For IBM Engineering Requirements Management DOORS Next 7.0.2, install ifix 36.\n\nFor IBM Engineering Requirements Management DOORS Next 7.0.3, install ifix 19 or newer.\n\nFor IBM Engineering Requirements Management DOORS Next 7.1.0, install ifix 05 or newer."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Engineering Requirements Management Doors Next data modification",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-2138",
        "datePublished": "2025-10-12T13:37:02.296Z",
        "dateReserved": "2025-03-10T01:10:31.239Z",
        "dateUpdated": "2025-10-14T15:10:47.518Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-2139 (GCVE-0-2025-2139)

    Vulnerability from cvelistv5 – Published: 2025-10-12 13:35 – Updated: 2025-10-14 14:48
    VLAI
    Title
    IBM Engineering Requirements Management Doors Next security bypass
    Summary
    IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete reviews from other users due to client-side enforcement of server-side security.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-602 - Client-Side Enforcement of Server-Side Security
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7247716 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Engineering Requirements Management Doors Next Affected: 7.0.2
    Affected: 7.0.3
    Affected: 7.1
        cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2139",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-14T14:48:10.331080Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-14T14:48:18.322Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Engineering Requirements Management Doors Next",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0.2"
                },
                {
                  "status": "affected",
                  "version": "7.0.3"
                },
                {
                  "status": "affected",
                  "version": "7.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete reviews from other users due to client-side enforcement of server-side security."
                }
              ],
              "value": "IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete reviews from other users due to client-side enforcement of server-side security."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-602",
                  "description": "CWE-602 Client-Side Enforcement of Server-Side Security",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-12T13:35:24.921Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7247716"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "For IBM Engineering Requirements Management DOORS Next 7.0.2, install ifix 36.\u003cbr\u003e\u003cbr\u003eFor IBM Engineering Requirements Management DOORS Next 7.0.3, install ifix 19 or newer.\u003cbr\u003e\u003cbr\u003eFor IBM Engineering Requirements Management DOORS Next 7.1.0, install ifix 05 or newer.\u003cbr\u003e"
                }
              ],
              "value": "For IBM Engineering Requirements Management DOORS Next 7.0.2, install ifix 36.\n\nFor IBM Engineering Requirements Management DOORS Next 7.0.3, install ifix 19 or newer.\n\nFor IBM Engineering Requirements Management DOORS Next 7.1.0, install ifix 05 or newer."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Engineering Requirements Management Doors Next security bypass",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-2139",
        "datePublished": "2025-10-12T13:35:24.921Z",
        "dateReserved": "2025-03-10T01:10:32.275Z",
        "dateUpdated": "2025-10-14T14:48:18.322Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-2140 (GCVE-0-2025-2140)

    Vulnerability from cvelistv5 – Published: 2025-10-12 13:33 – Updated: 2025-10-14 14:53
    VLAI
    Title
    IBM Engineering Requirements Management Doors Next spoofing
    Summary
    IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to spoof email identity of the sender due to improper verification of source data.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-346 - Origin Validation Error
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7247716 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Engineering Requirements Management Doors Next Affected: 7.0.2
    Affected: 7.0.3
    Affected: 7.1
        cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2140",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-14T14:48:48.146508Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-14T14:53:08.219Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Engineering Requirements Management Doors Next",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0.2"
                },
                {
                  "status": "affected",
                  "version": "7.0.3"
                },
                {
                  "status": "affected",
                  "version": "7.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to spoof email identity of the sender due to improper verification of source data."
                }
              ],
              "value": "IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to spoof email identity of the sender due to improper verification of source data."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-346",
                  "description": "CWE-346 Origin Validation Error",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-12T13:33:22.545Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7247716"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "For IBM Engineering Requirements Management DOORS Next 7.0.2, install ifix 36.\u003cbr\u003e\u003cbr\u003eFor IBM Engineering Requirements Management DOORS Next 7.0.3, install ifix 19 or newer.\u003cbr\u003e\u003cbr\u003eFor IBM Engineering Requirements Management DOORS Next 7.1.0, install ifix 05 or newer.\u003cbr\u003e"
                }
              ],
              "value": "For IBM Engineering Requirements Management DOORS Next 7.0.2, install ifix 36.\n\nFor IBM Engineering Requirements Management DOORS Next 7.0.3, install ifix 19 or newer.\n\nFor IBM Engineering Requirements Management DOORS Next 7.1.0, install ifix 05 or newer."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Engineering Requirements Management Doors Next spoofing",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-2140",
        "datePublished": "2025-10-12T13:33:22.545Z",
        "dateReserved": "2025-03-10T01:10:33.257Z",
        "dateUpdated": "2025-10-14T14:53:08.219Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-33096 (GCVE-0-2025-33096)

    Vulnerability from cvelistv5 – Published: 2025-10-12 13:31 – Updated: 2025-10-14 15:26
    VLAI
    Title
    IBM Engineering Requirements Management Doors Next denial of service
    Summary
    IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user to cause a denial of service by uploading specially crafted files using uncontrolled recursion.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7247716 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Engineering Requirements Management Doors Next Affected: 7.0.2
    Affected: 7.0.3
    Affected: 7.1
        cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-33096",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-14T15:25:52.689448Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-14T15:26:02.178Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Engineering Requirements Management Doors Next",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0.2"
                },
                {
                  "status": "affected",
                  "version": "7.0.3"
                },
                {
                  "status": "affected",
                  "version": "7.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user to cause a denial of service by uploading specially crafted files using uncontrolled recursion."
                }
              ],
              "value": "IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user to cause a denial of service by uploading specially crafted files using uncontrolled recursion."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-674",
                  "description": "CWE-674 Uncontrolled Recursion",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-12T13:33:41.404Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7247716"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "For IBM Engineering Requirements Management DOORS Next 7.0.2, install ifix 36.\u003cbr\u003e\u003cbr\u003eFor IBM Engineering Requirements Management DOORS Next 7.0.3, install ifix 19 or newer.\u003cbr\u003e\u003cbr\u003eFor IBM Engineering Requirements Management DOORS Next 7.1.0, install ifix 05 or newer.\u003cbr\u003e"
                }
              ],
              "value": "For IBM Engineering Requirements Management DOORS Next 7.0.2, install ifix 36.\n\nFor IBM Engineering Requirements Management DOORS Next 7.0.3, install ifix 19 or newer.\n\nFor IBM Engineering Requirements Management DOORS Next 7.1.0, install ifix 05 or newer."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Engineering Requirements Management Doors Next denial of service",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-33096",
        "datePublished": "2025-10-12T13:31:04.723Z",
        "dateReserved": "2025-04-15T17:50:40.773Z",
        "dateUpdated": "2025-10-14T15:26:02.178Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-41771 (GCVE-0-2024-41771)

    Vulnerability from cvelistv5 – Published: 2025-03-03 15:29 – Updated: 2025-09-01 01:11
    VLAI
    Title
    IBM Engineering Requirements Management DOORS Next information disclosure
    Summary
    IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-522 - Insufficiently Protected Credentials
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7184663 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Engineering Requirements Management DOORS Next Affected: 7.0.2
    Affected: 7.0.3
    Affected: 7.1
        cpe:2.3:a:ibm:engineering_requirements_management_doors:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:engineering_requirements_management_doors:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:engineering_requirements_management_doors:7.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-41771",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-04T19:00:56.359534Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-04T19:01:10.858Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:engineering_requirements_management_doors:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:engineering_requirements_management_doors:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:engineering_requirements_management_doors:7.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Engineering Requirements Management DOORS Next",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0.2"
                },
                {
                  "status": "affected",
                  "version": "7.0.3"
                },
                {
                  "status": "affected",
                  "version": "7.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information."
                }
              ],
              "value": "IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-522",
                  "description": "CWE-522 Insufficiently Protected Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-01T01:11:58.234Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7184663"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Engineering Requirements Management DOORS Next information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-41771",
        "datePublished": "2025-03-03T15:29:14.503Z",
        "dateReserved": "2024-07-22T12:02:59.128Z",
        "dateUpdated": "2025-09-01T01:11:58.234Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-41770 (GCVE-0-2024-41770)

    Vulnerability from cvelistv5 – Published: 2025-03-03 15:28 – Updated: 2025-09-01 01:11
    VLAI
    Title
    IBM Engineering Requirements Management DOORS Next information disclosure
    Summary
    IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-522 - Insufficiently Protected Credentials
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7184663 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Engineering Requirements Management DOORS Next Affected: 7.0.2
    Affected: 7.0.3
    Affected: 7.1
        cpe:2.3:a:ibm:engineering_requirements_management_doors:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:engineering_requirements_management_doors:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:engineering_requirements_management_doors:7.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-41770",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-04T19:05:34.410184Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-04T19:05:46.401Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:engineering_requirements_management_doors:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:engineering_requirements_management_doors:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:engineering_requirements_management_doors:7.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Engineering Requirements Management DOORS Next",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0.2"
                },
                {
                  "status": "affected",
                  "version": "7.0.3"
                },
                {
                  "status": "affected",
                  "version": "7.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information."
                }
              ],
              "value": "IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-522",
                  "description": "CWE-522 Insufficiently Protected Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-01T01:11:25.136Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7184663"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Engineering Requirements Management DOORS Next information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-41770",
        "datePublished": "2025-03-03T15:28:57.065Z",
        "dateReserved": "2024-07-22T12:02:59.128Z",
        "dateUpdated": "2025-09-01T01:11:25.136Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-43169 (GCVE-0-2024-43169)

    Vulnerability from cvelistv5 – Published: 2025-03-03 15:27 – Updated: 2026-02-26 19:09
    VLAI
    Title
    IBM Engineering Requirements Management DOORS Next file download
    Summary
    IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a user to download a malicious file without verifying the integrity of the code.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-494 - Download of Code Without Integrity Check
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7184506 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Engineering Requirements Management DOORS Next Affected: 7.0.2
    Affected: 7.0.3
    Affected: 7.1
        cpe:2.3:a:ibm:engineering_requirements_management_doors:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:engineering_requirements_management_doors:7.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:engineering_requirements_management_doors:7.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-43169",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-07T04:55:46.708895Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T19:09:47.716Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:engineering_requirements_management_doors:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:engineering_requirements_management_doors:7.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:engineering_requirements_management_doors:7.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Engineering Requirements Management DOORS Next",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0.2"
                },
                {
                  "status": "affected",
                  "version": "7.0.3"
                },
                {
                  "status": "affected",
                  "version": "7.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a user to download a malicious file without verifying the integrity of the code."
                }
              ],
              "value": "IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a user to download a malicious file without verifying the integrity of the code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-494",
                  "description": "CWE-494 Download of Code Without Integrity Check",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-01T01:10:55.594Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7184506"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Engineering Requirements Management DOORS Next file download",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-43169",
        "datePublished": "2025-03-03T15:27:29.620Z",
        "dateReserved": "2024-08-07T13:29:17.951Z",
        "dateUpdated": "2026-02-26T19:09:47.716Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-41787 (GCVE-0-2024-41787)

    Vulnerability from cvelistv5 – Published: 2025-01-10 13:18 – Updated: 2025-01-10 14:48
    VLAI
    Title
    IBM Engineering Requirements Management DOORS Next code execution
    Summary
    IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition. By sending a specially crafted request, an attacker could exploit this vulnerability to remotely execute code.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Engineering Requirements Management DOORS Next Affected: 7.0.2, 7.0.3
        cpe:2.3:a:ibm:engineering_requirements_management_doors:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:engineering_requirements_management_doors:7.0.3:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-41787",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-10T14:48:17.937916Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-10T14:48:26.216Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:engineering_requirements_management_doors:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:engineering_requirements_management_doors:7.0.3:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Engineering Requirements Management DOORS Next",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0.2, 7.0.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition. By sending a specially crafted request, an attacker could exploit this vulnerability to remotely execute code.\u003c/span\u003e"
                }
              ],
              "value": "IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition. By sending a specially crafted request, an attacker could exploit this vulnerability to remotely execute code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-367",
                  "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-10T13:18:51.866Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "url": "https://www.ibm.com/support/pages/node/7180636"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Engineering Requirements Management DOORS Next code execution",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-41787",
        "datePublished": "2025-01-10T13:18:51.866Z",
        "dateReserved": "2024-07-22T12:03:08.192Z",
        "dateUpdated": "2025-01-10T14:48:26.216Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-45192 (GCVE-0-2023-45192)

    Vulnerability from cvelistv5 – Published: 2024-06-06 18:49 – Updated: 2024-08-02 20:14
    VLAI
    Title
    IBM Engineering Requirements Management DOORS Next XML external entity injection
    Summary
    IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 268758.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-611 - Improper Restriction of XML External Entity Reference
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM Engineering Requirements Management DOORS Next Affected: 7.0.2, 7.0.3
        cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0.3:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-45192",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-07T18:40:50.872862Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-07T18:44:29.770Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:14:19.734Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/7156492"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/268758"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0.3:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Engineering Requirements Management DOORS Next",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0.2, 7.0.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.  IBM X-Force ID:  268758."
                }
              ],
              "value": "IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.  IBM X-Force ID:  268758."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-611",
                  "description": "CWE-611 Improper Restriction of XML External Entity Reference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-06T18:49:05.734Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7156492"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/268758"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Engineering Requirements Management DOORS Next XML external entity injection",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-45192",
        "datePublished": "2024-06-06T18:49:05.734Z",
        "dateReserved": "2023-10-05T01:39:10.397Z",
        "dateUpdated": "2024-08-02T20:14:19.734Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }