could allow an authenticated user on the network to delete comments from other users due to client-side enforcement of server-side security.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Ibm |
|
No data.
No data.
No data.
No advisories yet.
Solution
For IBM Engineering Requirements Management DOORS Next 7.0.2, install ifix 36. For IBM Engineering Requirements Management DOORS Next 7.0.3, install ifix 19 or newer. For IBM Engineering Requirements Management DOORS Next 7.1.0, install ifix 05 or newer.
Workaround
No workaround given by the vendor.
| Link | Providers |
|---|---|
| https://www.ibm.com/support/pages/node/7247716 |
|
Sun, 12 Oct 2025 13:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete comments from other users due to client-side enforcement of server-side security. | |
| Title | IBM Engineering Requirements Management Doors Next data modification | |
| First Time appeared |
Ibm
Ibm engineering Requirements Management Doors Next |
|
| Weaknesses | CWE-602 | |
| CPEs | cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.1:*:*:*:*:*:*:* |
|
| Vendors & Products |
Ibm
Ibm engineering Requirements Management Doors Next |
|
| References |
| |
| Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: ibm
Published:
Updated: 2025-10-12T13:37:02.296Z
Reserved: 2025-03-10T01:10:31.239Z
Link: CVE-2025-2138
Vulnrichment
No data.
NVD
Status : Received
Published: 2025-10-12T14:15:36.023
Modified: 2025-10-12T14:15:36.023
Link: CVE-2025-2138
Redhat
No data.
OpenCVE Enrichment
No data.