CVE-2023-28949

2024-03-0102:15:07

CWE-352

ibm

web.nvd.nist.gov

ibm

engineering

requirements management

doors

9.7.2.7

csrf

attack

vulnerability

security

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

AI Score

6.4

Confidence

High

EPSS

Percentile

12.8%

JSON

IBM Engineering Requirements Management DOORS 9.7.2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 251216.

Affected configurations

Nvd

Vulners

Node

ibmengineering_requirements_management_doorsMatch9.7.2.7

ibmengineering_requirements_management_doors_web_accessMatch9.7.2.7

VendorProductVersionCPE
ibmengineering_requirements_management_doors9.7.2.7cpe:2.3:a:ibm:engineering_requirements_management_doors:9.7.2.7:*:*:*:*:*:*:*
ibmengineering_requirements_management_doors_web_access9.7.2.7cpe:2.3:a:ibm:engineering_requirements_management_doors_web_access:9.7.2.7:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	engineering_requirements_management_doors	9.7.2.7	cpe:2.3:a:ibm:engineering_requirements_management_doors:9.7.2.7:::::::*
ibm	engineering_requirements_management_doors_web_access	9.7.2.7	cpe:2.3:a:ibm:engineering_requirements_management_doors_web_access:9.7.2.7:::::::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Engineering Requirements Management",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "9.7.2.7"
      }
    ]
  }
]