CVE-2023-50304
HIGH WAF: High
CVSS 8.2
Published: 2024-07-18
CWE-611
IBM Engineering Requirements Management DOORS Web Access 9.7.2.8 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 273335.
WAF Coverage Analysis
XML External Entity (XXE)
High WAF Coverage
OWASP: A05:2021 Security Misconfiguration
941xxx - XSS / XXE
Affected Software
| Vendor | Product | Version |
|---|---|---|
| ibm | engineering_requirements_management_doors | 9.7.2.8 |
| ibm | engineering_requirements_management_doors_web_access | 9.7.2.8 |
References
- exchange.xforce.ibmcloud.com (VDB Entry, Vendor Advisory)
- www.ibm.com (Vendor Advisory)