CVE-2023-45192
HIGH WAF: High
CVSS 8.2
Published: 2024-06-06
CWE-611
IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 268758.
WAF Coverage Analysis
XML External Entity (XXE)
High WAF Coverage
OWASP: A05:2021 Security Misconfiguration
941xxx - XSS / XXE
Affected Software
| Vendor | Product | Version |
|---|---|---|
| ibm | doors_next | 7.0.2 |
| ibm | doors_next | 7.0.3 |
References
- exchange.xforce.ibmcloud.com (VDB Entry, Vendor Advisory)
- www.ibm.com (Vendor Advisory)