Vulnerabilities > IBM > Engineering Requirements Management Doors
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-18 | CVE-2023-50304 | XXE vulnerability in IBM products IBM Engineering Requirements Management DOORS Web Access 9.7.2.8 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.2 |
| 2024-03-01 | CVE-2023-28525 | Cross-site Scripting vulnerability in IBM products IBM Engineering Requirements Management 9.7.2.7 is vulnerable to cross-site scripting. | 4.8 |
| 2024-03-01 | CVE-2023-28949 | Cross-Site Request Forgery (CSRF) vulnerability in IBM products IBM Engineering Requirements Management DOORS 9.7.2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.5 |
| 2024-03-01 | CVE-2023-50305 | Weak Password Requirements vulnerability in IBM products IBM Engineering Requirements Management DOORS 9.7.2.7 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | 5.1 |