CVE-2023-50305 - OpenCVE

IBM Engineering Requirements Management DOORS 9.7.2.7 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 273336.

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Ibm	Engineering Requirements Management Doors Engineering Requirements Management Doors Web Access

Configuration 1 [-]

OR	cpe:2.3:a:ibm:engineering_requirements_management_doors:9.7.2.7:::::::*
	cpe:2.3:a:ibm:engineering_requirements_management_doors_web_access:9.7.2.7:::::::*

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/273336	VDB Entry Vendor Advisory
https://www.ibm.com/support/pages/node/7124058	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: ibm

Published: 2024-03-01T01:44:34.005Z

Updated: 2024-07-05T17:22:05.832Z

Reserved: 2023-12-07T01:28:46.423Z

Link: CVE-2023-50305

JSON object: View

NVD Information

Status : Analyzed

Published: 2024-03-01T02:15:07.590

Modified: 2024-03-07T17:50:18.457

Link: CVE-2023-50305

JSON object: View

Redhat Information

No data.

CWE

CWE-521

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-50305", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2023-12-07T01:28:46.423Z", "datePublished": "2024-03-01T01:44:34.005Z", "dateUpdated": "2024-07-05T17:22:05.832Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Engineering Requirements Management", "vendor": "IBM", "versions": [{"status": "affected", "version": "9.7.2.7"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "IBM Engineering Requirements Management DOORS 9.7.2.7 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 273336."}], "value": "IBM Engineering Requirements Management DOORS 9.7.2.7 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 273336."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-521", "description": "CWE-521 Weak Password Requirements", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2024-03-01T01:44:34.005Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.ibm.com/support/pages/node/7124058"}, {"tags": ["vdb-entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/273336"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM Engineering Requirements Management information disclosure", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-50305", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-01T15:39:44.001928Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T17:22:05.832Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors:9.7.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE06AC34-D09F-4BD8-B115-1691D8643419", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:engineering_requirements_management_doors_web_access:9.7.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "13ECE46A-0CFF-4199-A8B3-923077E07484", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "IBM Engineering Requirements Management DOORS 9.7.2.7 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 273336."}, {"lang": "es", "value": "IBM Engineering Requisitos Management DOORS 9.7.2.7 no requiere que los usuarios tengan contrase\u00f1as seguras de forma predeterminada, lo que facilita que los atacantes comprometan las cuentas de los usuarios. ID de IBM X-Force: 273336."}], "id": "CVE-2023-50305", "lastModified": "2024-03-07T17:50:18.457", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.4, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.4, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary"}]}, "published": "2024-03-01T02:15:07.590", "references": [{"source": "psirt@us.ibm.com", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/273336"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7124058"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-521"}], "source": "psirt@us.ibm.com", "type": "Primary"}]}