SB2024082921 - Multiple vulnerabilities in IBM Engineering Requirements Management DOORS Next




Published: August 29, 2024

Security Bulletin ID: SB2024082921
Severity: Medium
Patch available: YES
Number of vulnerabilities: 6
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

Medium: 33%, Low: 67%

Description

This security bulletin contains information about 6 security vulnerabilities.


1) Improper input validation (CVE-ID: CVE-2024-21117)

The vulnerability allows a local authenticated user to read and manipulate data.

The vulnerability exists due to improper input validation within the Outside In Core component in Oracle Outside In Technology. A local authenticated user can exploit this vulnerability to read and manipulate data.


2) Improper input validation (CVE-ID: CVE-2024-21119)

The vulnerability allows a local authenticated user to read and manipulate data.

The vulnerability exists due to improper input validation within the Outside In Core component in Oracle Outside In Technology. A local authenticated user can exploit this vulnerability to read and manipulate data.


3) Improper input validation (CVE-ID: CVE-2024-21120)

The vulnerability allows a local authenticated user to read and manipulate data.

The vulnerability exists due to improper input validation within the Outside In Core component in Oracle Outside In Technology. A local authenticated user can exploit this vulnerability to read and manipulate data.


4) Improper input validation (CVE-ID: CVE-2023-22127)

The vulnerability allows a remote authenticated user to read and manipulate data.

The vulnerability exists due to improper input validation within the Content Access SDK, Image Export SDK, PDF Export SDK and HTML Export SDK components in Oracle Outside In Technology. A remote authenticated user can exploit this vulnerability to read and manipulate data.


5) Improper input validation (CVE-ID: CVE-2024-21118)

The vulnerability allows a local authenticated user to read and manipulate data.

The vulnerability exists due to improper input validation within the Outside In Core component in Oracle Outside In Technology. A local authenticated user can exploit this vulnerability to read and manipulate data.


6) Improper input validation (CVE-ID: CVE-2024-20930)

The vulnerability allows a remote authenticated user to read and manipulate data.

The vulnerability exists due to improper input validation within the Content Access SDK, Image Export SDK, PDF Export SDK and HTML Export SDK components in Oracle Outside In Technology. A remote authenticated user can exploit this vulnerability to read and manipulate data.


Remediation

Install the update from the vendor's website.