Vulnerabilities > IBM > Rational Doors Next Generation > High

DATE CVE VULNERABILITY TITLE RISK
2019-06-27 CVE-2019-4252 Path Traversal vulnerability in IBM products
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm CWE-22
7.5
2017-03-31 CVE-2016-9707 XXE vulnerability in IBM products
IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data.
network
low complexity
ibm CWE-611
7.5
2015-03-18 CVE-2015-0132 Resource Management Errors vulnerability in IBM products
The XML parser in IBM Rational DOORS Next Generation 4.x before 4.0.7 iFix3 and 5.x before 5.0.2 and Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iFix5 and 4.x before 4.0.7 iFix3 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
network
low complexity
ibm CWE-399
7.8