CRITICAL🇵🇱 Wersja polska

CVE-2024-41787

CVSS 9.8v3.1pub. 2025-01-10upd. 2025-08-20

IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition. By sending a specially crafted request, an attacker could exploit this vulnerability to remotely execute code.

🤖 AI Analysis
How it works

The vulnerability stems from a synchronization error (race condition, CWE-367) — a situation where an application checks a certain security condition and performs an operation in two separate steps, between which an attacker can intervene (known as TOCTOU). The attacker sends a specially crafted network request that, at the right moment in the process race, allows bypassing security restrictions. As a result, remote code execution (RCE) is possible without requiring authentication.

Impact

An attacker can remotely execute arbitrary code on the server without authentication, leading to complete compromise of system confidentiality, integrity, and availability.

Mitigation & patch

Apply patches available from the vendor according to references: https://www.ibm.com/support/pages/node/7180636

Who is affected

IBM Engineering Requirements Management DOORS Next in versions 7.0.2 and 7.0.3

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • IBM Doors Next

    APP
    Ibm
    7.0.27.0.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Race Condition
CWE
References

Related vulnerabilities

CVE-2023-45192HIGH8.2ten sam produkt

IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Inj...

CVE-2020-4965HIGH7.5ten sam produkt

IBM Jazz Team Server products use weaker than expected cryptographic algorithms that could allow an attacker t...

CVE-2021-20519MEDIUM5.4ten sam produkt

IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed...

CVE-2020-4964MEDIUM4.3ten sam produkt

IBM Jazz Team Server products contain an undisclosed vulnerability that could allow an authenticated user to p...

CVE-2020-4920MEDIUM5.4ten sam produkt

IBM Jazz Team Server products are vulnerable to stored cross-site scripting. This vulnerability allows users t...