{ "document": { "category": "csaf_vex", "csaf_version": "2.0", "lang": "en-US", "publisher": { "category": "coordinator", "contact_details": "https://www.cisa.gov/report", "issuing_authority": "CISA", "name": "CISA", "namespace": "https://www.cisa.gov/" }, "title": "IBM DOORS Next Generation multiple vulnerabilities", "tracking": { "current_release_date": "2026-03-04T00:00:00Z", "generator": { "engine": { "name": "VINCE-NT", "version": "1.12.0" } }, "id": "VA-25-297-01", "initial_release_date": "2025-10-22T18:45:47Z", "status": "final", "version": "3.0.0", "revision_history": [ { "number": "3.0.0", "summary": "Added CVE-2025-13734.", "date": "2026-03-04T00:00:00Z" }, { "number": "2.0.0", "summary": "Added CVE-2025-27550, CVE-2025-2134, CVE-2025-1823.", "date": "2026-02-18T00:00:00Z" }, { "number": "1.0.0", "summary": "Initial publication", "date": "2025-10-22T18:45:47Z" } ] }, "distribution": { "tlp": { "label": "WHITE" } }, "notes": [ { "text": "All information products included in [https://github.com/cisagov/CSAF/tree/develop/csaf_files/IT/white](https://github.com/cisagov/CSAF/tree/develop/csaf_files/IT/white) are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see [https://us-cert.cisa.gov/tlp/](https://us-cert.cisa.gov/tlp/).", "title": "Legal Notice", "category": "legal_disclaimer" }, { "text": "Worldwide", "title": "Countries and Areas Deployed", "category": "other" }, { "text": "Information Technology", "title": "Critical Infrastructure Sectors", "category": "other" }, { "text": "IBM Engineering Requirements Management DOORS contains multiple vulnerabilities that require authentication. 
These vulnerabilities include the ability to cause an application denial of service and JavaScript execution in the victim's browser through stored cross site scripting.", "title": "Risk Evaluation", "category": "summary" }, { "text": "Update to IBM Engineering Requirements Management DOORS Next 7.0.2 iFix036, 7.0.3 iFix019, or 7.1.0 iFix008. Update to IBM Engineering Lifecycle Management - Jazz Foundation 7.0.2 iFix035, 7.0.3 iFix017, or 7.1.0 iFix005. Update to IBM Jazz Reporting Service 7.0.3 iFix021 or 7.1 iFix007", "title": "Recommended Practices", "category": "general" }, { "text": "United States", "title": "Company Headquarters Location", "category": "other" } ], "references": [ { "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-297-01.json", "summary": "Vulnerability Advisory VA-25-297-01 CSAF", "category": "self" } ] }, "product_tree": { "branches": [ { "category": "vendor", "name": "IBM", "branches": [ { "category": "product_name", "name": "Engineering Requirements Management DOORS Next", "branches": [ { "category": "product_version_range", "name": ">=7.0.2|<7.0.2 iFix036", "product": { "name": "IBM Engineering Requirements Management DOORS Next >=7.0.2|<7.0.2 iFix036", "product_id": "CSAFPID-0001" } }, { "category": "product_version_range", "name": ">=7.0.3|<7.0.3 iFix019", "product": { "name": "IBM Engineering Requirements Management DOORS Next >=7.0.3|<7.0.3 iFix019", "product_id": "CSAFPID-0002" } }, { "category": "product_version_range", "name": ">=7.1|<7.1.0 iFix005", "product": { "name": "IBM Engineering Requirements Management DOORS Next >=7.1|<7.1.0 iFix005", "product_id": "CSAFPID-0003" } }, { "category": "product_version", "name": "7.0.2 iFix036", "product": { "name": "IBM Engineering Requirements Management DOORS Next 7.0.2 iFix036", "product_id": "CSAFPID-0004" } }, { "category": "product_version", "name": "7.0.3 iFix019", "product": { "name": "IBM Engineering Requirements Management DOORS Next 
7.0.3 iFix019", "product_id": "CSAFPID-0005" } }, { "category": "product_version", "name": "7.1.0 iFix005", "product": { "name": "IBM Engineering Requirements Management DOORS Next 7.1.0 iFix005", "product_id": "CSAFPID-0006" } }, { "category": "product_version_range", "name": ">=7.1|<7.1 iFix008", "product": { "name": "IBM Engineering Requirements Management DOORS Next >=7.1|<7.1 iFix008", "product_id": "CSAFPID-0007" } }, { "category": "product_version_range", "name": ">=7.2|<7.2 iFix001", "product": { "name": "IBM Engineering Requirements Management DOORS Next >=7.2|<7.2 iFix001", "product_id": "CSAFPID-0008" } }, { "category": "product_version", "name": "7.1 iFix008", "product": { "name": "IBM Engineering Requirements Management DOORS Next 7.1 iFix008", "product_id": "CSAFPID-0009" } }, { "category": "product_version", "name": "7.2 iFix001", "product": { "name": "IBM Engineering Requirements Management DOORS Next 7.2 iFix001", "product_id": "CSAFPID-0010" } } ] }, { "category": "product_name", "name": "Jazz Foundation", "branches": [ { "category": "product_version_range", "name": ">=7.0.2|<7.0.2 iFix035", "product": { "name": "IBM Jazz Foundation >=7.0.2|<7.0.2 iFix035", "product_id": "CSAFPID-0011" } }, { "category": "product_version_range", "name": ">=7.0.3|<7.0.3 iFix017", "product": { "name": "IBM Jazz Foundation >=7.0.3|<7.0.3 iFix017", "product_id": "CSAFPID-0012" } }, { "category": "product_version_range", "name": ">=7.1.0|<7.1.0 iFix005", "product": { "name": "IBM Jazz Foundation >=7.1.0|<7.1.0 iFix005", "product_id": "CSAFPID-0013" } }, { "category": "product_version", "name": "7.0.2 iFix035", "product": { "name": "IBM Jazz Foundation 7.0.2 iFix035", "product_id": "CSAFPID-0014" } }, { "category": "product_version", "name": "7.0.3 iFix017", "product": { "name": "IBM Jazz Foundation 7.0.3 iFix017", "product_id": "CSAFPID-0015" } }, { "category": "product_version", "name": "7.1.0 iFix005", "product": { "name": "IBM Jazz Foundation 7.1.0 iFix005", 
"product_id": "CSAFPID-0016" } } ] }, { "category": "product_name", "name": "Jazz Reporting Service", "branches": [ { "category": "product_version_range", "name": ">=7.1|<7.1 iFix007", "product": { "name": "IBM Jazz Reporting Service >=7.1|<7.1 iFix007", "product_id": "CSAFPID-0017" } }, { "category": "product_version_range", "name": ">=7.0.3|<7.0.3 iFix021", "product": { "name": "IBM Jazz Reporting Service >=7.0.3|<7.0.3 iFix021", "product_id": "CSAFPID-0018" } }, { "category": "product_version", "name": "7.1 iFix007", "product": { "name": "IBM Jazz Reporting Service 7.1 iFix007", "product_id": "CSAFPID-0019" } }, { "category": "product_version", "name": "7.0.3 iFix021", "product": { "name": "IBM Jazz Reporting Service 7.0.3 iFix021", "product_id": "CSAFPID-0020" } } ] } ] } ] }, "vulnerabilities": [ { "cve": "CVE-2025-2138", "cwe": { "id": "CWE-602", "name": "Client-Side Enforcement of Server-Side Security" }, "notes": [ { "category": "summary", "text": "IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete comments from other users due to client-side enforcement of server-side security. 
Fixed in 7.0.2 iFix036, 7.0.3 iFix019, and 7.1.0 iFix005.", "title": "Description" }, { "category": "details", "title": "SSVC", "text": "SSVCv2/E:N/A:N/T:P/2025-10-23T13:56:04Z/" } ], "title": "IBM Engineering Requirements Management DOORS Next comment deletion", "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003" ], "fixed": [ "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006" ] }, "references": [ { "category": "external", "summary": "www.ibm.com", "url": "https://www.ibm.com/support/pages/node/7247716" }, { "category": "external", "summary": "CVE-2025-2138", "url": "https://www.cve.org/CVERecord?id=CVE-2025-2138" }, { "category": "external", "summary": "VA-25-297-01", "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-297-01.json" } ], "scores": [ { "cvss_v3": { "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003" ] } ], "remediations": [ { "category": "vendor_fix", "details": "Fixed in 7.0.2 iFix036.", "url": "https://www.ibm.com/support/pages/node/7247716", "product_ids": [ "CSAFPID-0001" ], "date": "2025-10-12T00:00:00Z" }, { "category": "vendor_fix", "details": "Fixed in 7.0.3 iFix019.", "url": "https://www.ibm.com/support/pages/node/7247716", "product_ids": [ "CSAFPID-0002" ], "date": "2025-10-12T00:00:00Z" }, { "category": "vendor_fix", "details": "Fixed in 7.1.0 iFix005.", "url": "https://www.ibm.com/support/pages/node/7247716", "product_ids": [ "CSAFPID-0003" ], "date": "2025-10-12T00:00:00Z" }, { "category": "vendor_fix", "details": "Fixed in 7.0.2 iFix036.", "url": "https://www.ibm.com/support/pages/node/7247716", "product_ids": [ "CSAFPID-0004" ], "date": "2025-10-12T00:00:00Z" }, { "category": "vendor_fix", "details": "Fixed in 7.0.3 iFix019.", "url": "https://www.ibm.com/support/pages/node/7247716", "product_ids": [ "CSAFPID-0005" ], "date": 
"2025-10-12T00:00:00Z" }, { "category": "vendor_fix", "details": "Fixed in 7.1.0 iFix005.", "url": "https://www.ibm.com/support/pages/node/7247716", "product_ids": [ "CSAFPID-0006" ], "date": "2025-10-12T00:00:00Z" } ], "acknowledgments": [ { "organization": "Sandia National Laboratories", "names": [ "Peter Backlund", " Hunter Dyer", " Todd Fine", " Gary Huang", " Dorota Kopczyk", " Charles Nove", " Addison Shuppy", " George Thompson" ] } ], "release_date": "2025-10-12T00:00:00Z" }, { "cve": "CVE-2025-2139", "cwe": { "id": "CWE-602", "name": "Client-Side Enforcement of Server-Side Security" }, "notes": [ { "category": "summary", "text": "IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete reviews from other users due to client-side enforcement of server-side security. Fixed in 7.0.2 iFix036, 7.0.3 iFix019, and 7.1.0 iFix005.", "title": "Description" }, { "category": "details", "title": "SSVC", "text": "SSVCv2/E:N/A:N/T:P/2025-10-23T14:07:59Z/" } ], "title": "IBM Engineering Requirements Management Doors Next review deletion", "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003" ], "fixed": [ "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006" ] }, "references": [ { "category": "external", "summary": "www.ibm.com", "url": "https://www.ibm.com/support/pages/node/7247716" }, { "category": "external", "summary": "CVE-2025-2139", "url": "https://www.cve.org/CVERecord?id=CVE-2025-2139" }, { "category": "external", "summary": "VA-25-297-01", "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-297-01.json" } ], "scores": [ { "cvss_v3": { "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003" ] } ], "remediations": [ { "category": "vendor_fix", "details": "Fixed in 7.0.2 iFix036.", "url": 
"https://www.ibm.com/support/pages/node/7247716", "product_ids": [ "CSAFPID-0001" ], "date": "2025-10-12T00:00:00Z" }, { "category": "vendor_fix", "details": "Fixed in 7.0.3 iFix019.", "url": "https://www.ibm.com/support/pages/node/7247716", "product_ids": [ "CSAFPID-0002" ], "date": "2025-10-12T00:00:00Z" }, { "category": "vendor_fix", "details": "Fixed in 7.1.0 iFix005.", "url": "https://www.ibm.com/support/pages/node/7247716", "product_ids": [ "CSAFPID-0003" ], "date": "2025-10-12T00:00:00Z" }, { "category": "vendor_fix", "details": "Fixed in 7.0.2 iFix036.", "url": "https://www.ibm.com/support/pages/node/7247716", "product_ids": [ "CSAFPID-0004" ], "date": "2025-10-12T00:00:00Z" }, { "category": "vendor_fix", "details": "Fixed in 7.0.3 iFix019.", "url": "https://www.ibm.com/support/pages/node/7247716", "product_ids": [ "CSAFPID-0005" ], "date": "2025-10-12T00:00:00Z" }, { "category": "vendor_fix", "details": "Fixed in 7.1.0 iFix005.", "url": "https://www.ibm.com/support/pages/node/7247716", "product_ids": [ "CSAFPID-0006" ], "date": "2025-10-12T00:00:00Z" } ], "acknowledgments": [ { "organization": "Sandia National Laboratories", "names": [ "Peter Backlund", " Hunter Dyer", " Todd Fine", " Gary Huang", " Dorota Kopczyk", " Charles Nove", " Addison Shuppy", " George Thompson" ] } ], "release_date": "2025-10-12T00:00:00Z" }, { "cve": "CVE-2025-2140", "cwe": { "id": "CWE-346", "name": "Origin Validation Error" }, "notes": [ { "category": "summary", "text": "IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to spoof email identity of the sender due to improper verification of source data. 
Fixed in 7.0.2 iFix036, 7.0.3 iFix019, and 7.1.0 iFix005.", "title": "Description" }, { "category": "details", "title": "SSVC", "text": "SSVCv2/E:N/A:N/T:P/2025-10-23T14:37:19Z/" } ], "title": "IBM Engineering Requirements Management Doors Next email spoofing", "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003" ], "fixed": [ "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006" ] }, "references": [ { "category": "external", "summary": "www.ibm.com", "url": "https://www.ibm.com/support/pages/node/7247716" }, { "category": "external", "summary": "CVE-2025-2140", "url": "https://www.cve.org/CVERecord?id=CVE-2025-2140" }, { "category": "external", "summary": "VA-25-297-01", "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-297-01.json" } ], "scores": [ { "cvss_v3": { "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003" ] } ], "remediations": [ { "category": "vendor_fix", "details": "Fixed in 7.0.2 iFix036.", "url": "https://www.ibm.com/support/pages/node/7247716", "product_ids": [ "CSAFPID-0001" ], "date": "2025-10-12T00:00:00Z" }, { "category": "vendor_fix", "details": "Fixed in 7.0.3 iFix019.", "url": "https://www.ibm.com/support/pages/node/7247716", "product_ids": [ "CSAFPID-0002" ], "date": "2025-10-12T00:00:00Z" }, { "category": "vendor_fix", "details": "Fixed in 7.1.0 iFix005.", "url": "https://www.ibm.com/support/pages/node/7247716", "product_ids": [ "CSAFPID-0003" ], "date": "2025-10-12T00:00:00Z" }, { "category": "vendor_fix", "details": "Fixed in 7.0.2 iFix036.", "url": "https://www.ibm.com/support/pages/node/7247716", "product_ids": [ "CSAFPID-0004" ], "date": "2025-10-12T00:00:00Z" }, { "category": "vendor_fix", "details": "Fixed in 7.0.3 iFix019.", "url": "https://www.ibm.com/support/pages/node/7247716", "product_ids": [ "CSAFPID-0005" ], "date": 
"2025-10-12T00:00:00Z" }, { "category": "vendor_fix", "details": "Fixed in 7.1.0 iFix005.", "url": "https://www.ibm.com/support/pages/node/7247716", "product_ids": [ "CSAFPID-0006" ], "date": "2025-10-12T00:00:00Z" } ], "acknowledgments": [ { "organization": "Sandia National Laboratories", "names": [ "Peter Backlund", " Hunter Dyer", " Todd Fine", " Gary Huang", " Dorota Kopczyk", " Charles Nove", " Addison Shuppy", " George Thompson" ] } ], "release_date": "2025-10-12T00:00:00Z" }, { "cve": "CVE-2025-33096", "cwe": { "id": "CWE-674", "name": "Uncontrolled Recursion" }, "notes": [ { "category": "summary", "text": "IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user to cause a denial of service by uploading specially crafted files using uncontrolled recursion. Fixed in 7.0.2 iFix036, 7.0.3 iFix019, and 7.1.0 iFix005.", "title": "Description" }, { "category": "details", "title": "SSVC", "text": "SSVCv2/E:N/A:N/T:P/2025-10-23T15:04:30Z/" } ], "title": "IBM Engineering Requirements Management Doors Next file upload denial of service", "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003" ], "fixed": [ "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006" ] }, "references": [ { "category": "external", "summary": "www.ibm.com", "url": "https://www.ibm.com/support/pages/node/7247716" }, { "category": "external", "summary": "CVE-2025-33096", "url": "https://www.cve.org/CVERecord?id=CVE-2025-33096" }, { "category": "external", "summary": "VA-25-297-01", "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-297-01.json" } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003" ] } ], "remediations": [ { "category": "vendor_fix", "details": "Fixed in 7.0.2 iFix036.", "url": 
"https://www.ibm.com/support/pages/node/7247716", "product_ids": [ "CSAFPID-0001" ], "date": "2025-10-12T00:00:00Z" }, { "category": "vendor_fix", "details": "Fixed in 7.0.3 iFix019.", "url": "https://www.ibm.com/support/pages/node/7247716", "product_ids": [ "CSAFPID-0002" ], "date": "2025-10-12T00:00:00Z" }, { "category": "vendor_fix", "details": "Fixed in 7.1.0 iFix005.", "url": "https://www.ibm.com/support/pages/node/7247716", "product_ids": [ "CSAFPID-0003" ], "date": "2025-10-12T00:00:00Z" }, { "category": "vendor_fix", "details": "Fixed in 7.0.2 iFix036.", "url": "https://www.ibm.com/support/pages/node/7247716", "product_ids": [ "CSAFPID-0004" ], "date": "2025-10-12T00:00:00Z" }, { "category": "vendor_fix", "details": "Fixed in 7.0.3 iFix019.", "url": "https://www.ibm.com/support/pages/node/7247716", "product_ids": [ "CSAFPID-0005" ], "date": "2025-10-12T00:00:00Z" }, { "category": "vendor_fix", "details": "Fixed in 7.1.0 iFix005.", "url": "https://www.ibm.com/support/pages/node/7247716", "product_ids": [ "CSAFPID-0006" ], "date": "2025-10-12T00:00:00Z" } ], "acknowledgments": [ { "organization": "Sandia National Laboratories", "names": [ "Peter Backlund", " Hunter Dyer", " Todd Fine", " Gary Huang", " Dorota Kopczyk", " Charles Nove", " Addison Shuppy", " George Thompson" ] } ], "release_date": "2025-10-12T00:00:00Z" }, { "cve": "CVE-2025-1826", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" }, "notes": [ { "category": "summary", "text": "IBM Engineering Requirements Management DOORS Next (IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0) is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users on the host network to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 
Fixed in 7.0.2 iFix035, 7.0.3 iFix017, and 7.1.0 iFix005.", "title": "Description" }, { "category": "details", "title": "SSVC", "text": "SSVCv2/E:N/A:N/T:P/2025-10-23T15:06:01Z/" } ], "title": "IBM Engineering Lifecycle Management - Jazz Foundation stored cross-site scripting", "product_status": { "known_affected": [ "CSAFPID-0011", "CSAFPID-0012", "CSAFPID-0013" ], "fixed": [ "CSAFPID-0014", "CSAFPID-0015", "CSAFPID-0016" ] }, "references": [ { "category": "external", "summary": "www.ibm.com", "url": "https://www.ibm.com/support/pages/node/7247292" }, { "category": "external", "summary": "CVE-2025-1826", "url": "https://www.cve.org/CVERecord?id=CVE-2025-1826" }, { "category": "external", "summary": "VA-25-297-01", "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-297-01.json" } ], "scores": [ { "cvss_v3": { "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "CSAFPID-0011", "CSAFPID-0012", "CSAFPID-0013" ] } ], "remediations": [ { "category": "vendor_fix", "details": "Fixed in 7.0.2 iFix035.", "url": "https://www.ibm.com/support/pages/node/7247292", "product_ids": [ "CSAFPID-0011" ], "date": "2025-10-07T00:00:00Z" }, { "category": "vendor_fix", "details": "Fixed in 7.0.3 iFix017.", "url": "https://www.ibm.com/support/pages/node/7247292", "product_ids": [ "CSAFPID-0012" ], "date": "2025-10-07T00:00:00Z" }, { "category": "vendor_fix", "details": "Fixed in 7.1.0 iFix005.", "url": "https://www.ibm.com/support/pages/node/7247292", "product_ids": [ "CSAFPID-0013" ], "date": "2025-10-07T00:00:00Z" }, { "category": "vendor_fix", "details": "Fixed in 7.0.2 iFix035.", "url": "https://www.ibm.com/support/pages/node/7247292", "product_ids": [ "CSAFPID-0014" ], "date": "2025-10-07T00:00:00Z" }, { "category": "vendor_fix", "details": "Fixed in 7.0.3 iFix017.", "url": "https://www.ibm.com/support/pages/node/7247292", "product_ids": [ 
"CSAFPID-0015" ], "date": "2025-10-07T00:00:00Z" }, { "category": "vendor_fix", "details": "Fixed in 7.1.0 iFix005.", "url": "https://www.ibm.com/support/pages/node/7247292", "product_ids": [ "CSAFPID-0016" ], "date": "2025-10-07T00:00:00Z" } ], "acknowledgments": [ { "organization": "Sandia National Laboratories", "names": [ "Peter Backlund", " Hunter Dyer", " Todd Fine", " Gary Huang", " Dorota Kopczyk", " Charles Nove", " Addison Shuppy", " George Thompson" ] } ], "release_date": "2025-10-07T00:00:00Z" }, { "cve": "CVE-2025-27550", "cwe": { "id": "CWE-497", "name": "Exposure of Sensitive System Information to an Unauthorized Control Sphere" }, "notes": [ { "category": "summary", "text": "IBM Jazz Reporting Service could allow an authenticated user on the host network to obtain sensitive information about other projects that reside on the server. Fixed in 7.1 iFix007 and 7.0.3 iFix021.", "title": "Description" }, { "category": "details", "title": "SSVC", "text": "SSVCv2/E:N/A:N/T:P/2026-02-18T15:04:39Z/" } ], "title": "IBM Jazz Reporting Service Information Disclosure", "product_status": { "known_affected": [ "CSAFPID-0017", "CSAFPID-0018" ], "fixed": [ "CSAFPID-0019", "CSAFPID-0020" ] }, "references": [ { "category": "external", "summary": "www.ibm.com", "url": "https://www.ibm.com/support/pages/node/7258083" }, { "category": "external", "summary": "CVE-2025-27550", "url": "https://www.cve.org/CVERecord?id=CVE-2025-27550" }, { "category": "external", "summary": "VA-25-297-01", "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-297-01.json" } ], "scores": [ { "cvss_v3": { "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "CSAFPID-0017", "CSAFPID-0018" ] } ], "remediations": [ { "category": "vendor_fix", "details": "Fixed in 7.1 iFix007.", "url": "https://www.ibm.com/support/pages/node/7258083", "product_ids": [ "CSAFPID-0017" ], 
"date": "2026-02-04T00:00:00Z" }, { "category": "vendor_fix", "details": "Fixed in 7.0.3 iFix021.", "url": "https://www.ibm.com/support/pages/node/7258083", "product_ids": [ "CSAFPID-0018" ], "date": "2026-02-04T00:00:00Z" }, { "category": "vendor_fix", "details": "Fixed in 7.1 iFix007.", "url": "https://www.ibm.com/support/pages/node/7258083", "product_ids": [ "CSAFPID-0019" ], "date": "2026-02-04T00:00:00Z" }, { "category": "vendor_fix", "details": "Fixed in 7.0.3 iFix021.", "url": "https://www.ibm.com/support/pages/node/7258083", "product_ids": [ "CSAFPID-0020" ], "date": "2026-02-04T00:00:00Z" } ], "acknowledgments": [ { "organization": "Sandia National Laboratories", "names": [ "Peter Backlund", " Hunter Dyer", " Todd Fine", " Gary Huang", " Dorota Kopczyk", " Charles Nove", " Addison Shuppy", " George Thompson" ] } ], "release_date": "2026-02-04T00:00:00Z" }, { "cve": "CVE-2025-1823", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "notes": [ { "category": "summary", "text": "IBM Jazz Reporting Service could allow an authenticated user on the host network to cause a denial of service using a specially crafted SQL query that consumes excess memory resources. 
Fixed in 7.1 iFix007 and 7.0.3 iFix021.", "title": "Description" }, { "category": "details", "title": "SSVC", "text": "SSVCv2/E:N/A:N/T:P/2026-02-18T15:40:57Z/" } ], "title": "IBM Jazz Reporting Service Denial of Service", "product_status": { "known_affected": [ "CSAFPID-0017", "CSAFPID-0018" ], "fixed": [ "CSAFPID-0019", "CSAFPID-0020" ] }, "references": [ { "category": "external", "summary": "www.ibm.com", "url": "https://www.ibm.com/support/pages/node/7258083" }, { "category": "external", "summary": "CVE-2025-1823", "url": "https://www.cve.org/CVERecord?id=CVE-2025-1823" }, { "category": "external", "summary": "VA-25-297-01", "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-297-01.json" } ], "scores": [ { "cvss_v3": { "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "CSAFPID-0017", "CSAFPID-0018" ] } ], "remediations": [ { "category": "vendor_fix", "details": "Fixed in 7.1 iFix007.", "url": "https://www.ibm.com/support/pages/node/7258083", "product_ids": [ "CSAFPID-0017" ], "date": "2026-02-04T00:00:00Z" }, { "category": "vendor_fix", "details": "Fixed in 7.0.3 iFix021.", "url": "https://www.ibm.com/support/pages/node/7258083", "product_ids": [ "CSAFPID-0018" ], "date": "2026-02-04T00:00:00Z" }, { "category": "vendor_fix", "details": "Fixed in 7.1 iFix007.", "url": "https://www.ibm.com/support/pages/node/7258083", "product_ids": [ "CSAFPID-0019" ], "date": "2026-02-04T00:00:00Z" }, { "category": "vendor_fix", "details": "Fixed in 7.0.3 iFix021.", "url": "https://www.ibm.com/support/pages/node/7258083", "product_ids": [ "CSAFPID-0020" ], "date": "2026-02-04T00:00:00Z" } ], "acknowledgments": [ { "organization": "Sandia National Laboratories", "names": [ "Peter Backlund", " Hunter Dyer", " Todd Fine", " Gary Huang", " Dorota Kopczyk", " Charles Nove", " Addison Shuppy", " George Thompson" ] } ], "release_date": 
"2026-02-04T00:00:00Z" }, { "cve": "CVE-2025-2134", "cwe": { "id": "CWE-410", "name": "Insufficient Resource Pool" }, "notes": [ { "category": "summary", "text": "IBM Jazz Reporting Service could allow an authenticated user on the network to affect the system's performance using complicated queries due to insufficient resource pooling. Fixed in 7.1 iFix007 and 7.0.3 iFix021.", "title": "Description" }, { "category": "details", "title": "SSVC", "text": "SSVCv2/E:N/A:N/T:P/2026-02-18T15:41:07Z/" } ], "title": "IBM Jazz Reporting Service Denial of Service", "product_status": { "known_affected": [ "CSAFPID-0017", "CSAFPID-0018" ], "fixed": [ "CSAFPID-0019", "CSAFPID-0020" ] }, "references": [ { "category": "external", "summary": "www.ibm.com", "url": "https://www.ibm.com/support/pages/node/7258083" }, { "category": "external", "summary": "CVE-2025-2134", "url": "https://www.cve.org/CVERecord?id=CVE-2025-2134" }, { "category": "external", "summary": "VA-25-297-01", "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-297-01.json" } ], "scores": [ { "cvss_v3": { "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "CSAFPID-0017", "CSAFPID-0018" ] } ], "remediations": [ { "category": "vendor_fix", "details": "Fixed in 7.1 iFix007.", "url": "https://www.ibm.com/support/pages/node/7258083", "product_ids": [ "CSAFPID-0017" ], "date": "2026-02-04T00:00:00Z" }, { "category": "vendor_fix", "details": "Fixed in 7.0.3 iFix021.", "url": "https://www.ibm.com/support/pages/node/7258083", "product_ids": [ "CSAFPID-0018" ], "date": "2026-02-04T00:00:00Z" }, { "category": "vendor_fix", "details": "Fixed in 7.1 iFix007.", "url": "https://www.ibm.com/support/pages/node/7258083", "product_ids": [ "CSAFPID-0019" ], "date": "2026-02-04T00:00:00Z" }, { "category": "vendor_fix", "details": "Fixed in 7.0.3 iFix021.", "url": 
"https://www.ibm.com/support/pages/node/7258083", "product_ids": [ "CSAFPID-0020" ], "date": "2026-02-04T00:00:00Z" } ], "acknowledgments": [ { "organization": "Sandia National Laboratories", "names": [ "Peter Backlund", " Hunter Dyer", " Todd Fine", " Gary Huang", " Dorota Kopczyk", " Charles Nove", " Addison Shuppy", " George Thompson" ] } ], "release_date": "2026-02-04T00:00:00Z" }, { "cve": "CVE-2025-13734", "cwe": { "id": "CWE-862", "name": "Missing Authorization" }, "notes": [ { "category": "summary", "text": "IBM Engineering Requirements Management DOORS Next 7.1, and 7.2 could allow an authenticated user to view and edit data beyond their authorized access permissions. Fixed in 7.1 iFix008 and 7.2 iFix001.", "title": "Description" }, { "category": "details", "title": "SSVC", "text": "SSVCv2/E:N/A:N/T:P/2026-03-04T14:48:03Z/" } ], "title": "IBM Engineering Requirements Management DOORS Next could allow an authenticated user to access and modify data beyond authorized permissions", "product_status": { "known_affected": [ "CSAFPID-0007", "CSAFPID-0008" ], "fixed": [ "CSAFPID-0009", "CSAFPID-0010" ] }, "references": [ { "category": "external", "summary": "www.ibm.com", "url": "https://www.ibm.com/support/pages/node/7261900" }, { "category": "external", "summary": "CVE-2025-13734", "url": "https://www.cve.org/CVERecord?id=CVE-2025-13734" }, { "category": "external", "summary": "VA-25-297-01", "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-297-01.json" } ], "scores": [ { "cvss_v3": { "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "CSAFPID-0007", "CSAFPID-0008" ] } ], "remediations": [ { "category": "vendor_fix", "details": "Fixed in 7.1 iFix008.", "url": "https://www.ibm.com/support/pages/node/7261900", "product_ids": [ "CSAFPID-0007" ], "date": "2026-02-26T00:00:00Z" }, { "category": "vendor_fix", "details": "Fixed in 7.2 
iFix001.", "url": "https://www.ibm.com/support/pages/node/7261900", "product_ids": [ "CSAFPID-0008" ], "date": "2025-02-26T00:00:00Z" }, { "category": "vendor_fix", "details": "Fixed in 7.1 iFix008.", "url": "https://www.ibm.com/support/pages/node/7261900", "product_ids": [ "CSAFPID-0009" ], "date": "2026-02-26T00:00:00Z" }, { "category": "vendor_fix", "details": "Fixed in 7.2 iFix001.", "url": "https://www.ibm.com/support/pages/node/7261900", "product_ids": [ "CSAFPID-0010" ], "date": "2026-02-26T00:00:00Z" } ], "acknowledgments": [ { "organization": "Sandia National Laboratories", "names": [ "Peter Backlund", " Hunter Dyer", " Todd Fine", " Gary Huang", " Dorota Kopczyk", " Charles Nove", " Addison Shuppy", " George Thompson" ] } ], "release_date": "2026-03-03T00:00:00Z" } ] }