CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | NONE |
Availability Impact | NONE |

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Percentile: 70.9%

IBM Engineering Requirements Management DOORS Next is vulnerable to CVE-2021-39239 due to a vulnerability in XML processing in Apache Jena, in versions up to 4.1.0. Apache Jena is used by IBM Engineering Requirements Management DOORS Next for working with RDF models. The fix disables external entity processing in calls made to the library.
CVEID: CVE-2021-39239
**DESCRIPTION:** Apache Jena could allow a remote attacker to obtain sensitive information, caused by improper handling of XML external entity (XXE) declarations. By using specially crafted XML content, a remote attacker could exploit this vulnerability to read arbitrary files on the server.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/209530 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
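
The mitigation the bulletin describes, disabling external entity processing in the XML parser, is illustrated below as an added example; it is not IBM's or Apache Jena's code. It assumes the JDK's built-in JAXP SAX parser on Java 11 or later, and the class name `XxeHardeningDemo`, its helper methods and the marker file are constructed for the illustration.

```java
import java.io.StringReader;
import java.nio.file.Files;
import java.nio.file.Path;
import javax.xml.XMLConstants;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.helpers.DefaultHandler;

// Added illustration (hypothetical class), not code from Jena or DOORS Next.
public class XxeHardeningDemo {
    // Parses xml and returns all character data, so entity expansion is visible.
    static String parse(SAXParserFactory f, String xml) throws Exception {
        StringBuilder text = new StringBuilder();
        f.newSAXParser().parse(new InputSource(new StringReader(xml)), new DefaultHandler() {
            @Override public void characters(char[] ch, int start, int len) {
                text.append(ch, start, len);
            }
        });
        return text.toString();
    }
    // Factory with DOCTYPE and external entity processing switched off.
    static SAXParserFactory hardened() throws Exception {
        SAXParserFactory f = SAXParserFactory.newInstance();
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // Reject any DOCTYPE, which removes entity declarations altogether.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth in case DOCTYPEs have to be re-enabled later.
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        return f;
    }
    public static void main(String[] args) throws Exception {
        // Constructed input: a marker file created by this demo, referenced as an external entity.
        Path marker = Files.createTempFile("xxe-demo", ".txt");
        Files.writeString(marker, "MARKER-CONTENT");
        String xml = "<!DOCTYPE r [<!ENTITY e SYSTEM \"" + marker.toUri() + "\">]><r>&e;</r>";
        try {
            System.out.println("default factory expanded entity: "
                    + parse(SAXParserFactory.newInstance(), xml).contains("MARKER-CONTENT"));
            parse(hardened(), xml);
            System.out.println("hardened factory: document parsed (unexpected)");
        } catch (SAXException e) {
            System.out.println("hardened factory rejected document: " + e.getMessage());
        } finally {
            Files.delete(marker);
        }
    }
}
```

Running the same check against a parser configuration in a test suite gives a regression guard: if a later change re-enables DOCTYPE handling, the marker content shows up in the parsed text.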
Affected Product(s) | Version(s) |
---|---|
DOORS Next | 7.0.2 |
DOORS Next | 7.0.1 |
IBM strongly recommends addressing the vulnerabilities now by taking the actions documented in this bulletin.
For IBM Engineering Requirements Management DOORS Next 7.0.2, install ifix 20a or newer.
For IBM Engineering Requirements Management DOORS Next 7.0.1, install ifix 20 or newer.
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | engineering_requirements_management_doors_next | 7.0 | cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0:*:*:*:*:*:*:* |
ibm | engineering_requirements_management_doors_next | 7.0.1 | cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0.1:*:*:*:*:*:*:* |
ibm | engineering_requirements_management_doors_next | 7.0.2 | cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0.2:*:*:*:*:*:*:* |
ibm | rational_doors_next_generation | 6.0.6 | cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6:*:*:*:*:*:*:* |
ibm | rational_doors_next_generation | 6.0.6.1 | cpe:2.3:a:ibm:rational_doors_next_generation:6.0.6.1:*:*:*:*:*:*:* |