
Multiple IBM Products Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2023-50304 CVSS:7.1

IBM Engineering Requirements Management DOORS Web Access 9.7.2.8 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

CVE-2022-35640 CVSS:4

IBM Sterling Partner Engagement Manager 6.2.2 could allow a local attacker to obtain sensitive information when a detailed technical error message is returned.

CVE-2024-28796 CVSS:6.4

IBM ClearQuest (CQ) 9.1 through 9.1.0.6 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.

Impact

  • Gain Access
  • Information Disclosure
  • Cross-Site Scripting

Indicators of Compromise

CVE

  • CVE-2023-50304
  • CVE-2022-35640
  • CVE-2024-28796

Affected Vendors

IBM

Affected Products

  • IBM Sterling Partner Engagement Manager 6.2.2
  • IBM Engineering Requirements Management DOORS 9.7.2.8
  • IBM Rational ClearQuest 9.1
  • IBM Rational ClearQuest 9.1.0.6

Remediation

Refer to the IBM Security Advisory for each CVE for patch, upgrade, or suggested workaround information.

CVE-2023-50304

CVE-2022-35640

CVE-2024-28796