IBM Engineering Requirements Management DOORS Next Broken Access Control Vulnerability Allowing Review Deletion

Vulnerability

A broken access control vulnerability has been identified in IBM Engineering Requirements Management DOORS Next versions 7.0.2, 7.0.3, and 7.1. It could allow an authenticated user on the network to delete other users' reviews. The issue arises from client-side enforcement of server-side security, which leaves a gap that can be exploited to delete reviews improperly.
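The flaw class named above, client-side enforcement of server-side security, as an added example that is not IBM's code or the DOORS Next API: a hypothetical review service with one delete handler that trusts the client and one that decides on the server. The class, method and user names and the owner-or-admin policy are assumptions made for illustration.

```python
# Hypothetical review store; names are illustrative, not DOORS Next APIs.
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Raised when the caller is not allowed to perform the action."""


@dataclass
class ReviewService:
    # review_id -> owner user id (constructed sample data)
    reviews: dict = field(default_factory=lambda: {"r1": "alice", "r2": "bob"})
    # Assumed policy: owners and these admins may delete a review.
    admins: frozenset = frozenset({"carol"})

    def delete_trusting_client(self, caller: str, review_id: str) -> None:
        # Weak pattern: the server assumes the UI only offers "delete" to the
        # owner, so any authenticated caller's request is honoured.
        del self.reviews[review_id]

    def delete_enforced(self, caller: str, review_id: str) -> None:
        # Hardened pattern: the server derives the decision from its own
        # state (authenticated caller identity and stored owner), ignoring
        # anything the client claims about permissions.
        owner = self.reviews.get(review_id)
        if owner is None:
            raise KeyError(review_id)
        if caller != owner and caller not in self.admins:
            raise Forbidden(f"{caller} may not delete {review_id}")
        del self.reviews[review_id]


def demo() -> dict:
    """Run both handlers with a non-owner caller and report the outcome."""
    weak, strong = ReviewService(), ReviewService()
    weak.delete_trusting_client("bob", "r1")   # non-owner request succeeds
    try:
        strong.delete_enforced("bob", "r1")
        blocked = False
    except Forbidden:
        blocked = True
    strong.delete_enforced("alice", "r1")      # owner can still delete
    strong.delete_enforced("carol", "r2")      # assumed admin can delete
    return {"weak_deleted": "r1" not in weak.reviews, "strong_blocked": blocked,
            "strong_remaining": sorted(strong.reviews)}


if __name__ == "__main__":
    print(demo())
```

A denied request in the enforced handler is also the event worth logging, since it shows a caller attempting an action the client interface should never have offered.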

Impact

Exploitation of this vulnerability could lead to unauthorized deletion of user reviews, potentially disrupting collaboration and feedback processes within the application.

Remediation

Users of IBM Engineering Requirements Management DOORS Next 7.0.2 should install iFix 36. Those on version 7.0.3 can upgrade to iFix 19 or newer. For version 7.1.0, iFix 05 or newer should be installed.

Added: Oct 12, 2025, 2:20 PM
Updated: Oct 12, 2025, 2:20 PM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 0.6
exploitability: 3.5
remediation: 7.7
relevance: 0.7
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.