CVE-2023-28949

Name of the Vulnerable Software and Affected Versions IBM Engineering Requirements Management DOORS version 9.7.2.7

Description The issue is related to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. This could enable a remote attacker to execute arbitrary commands.

Recommendations For IBM Engineering Requirements Management DOORS version 9.7.2.7, consider disabling any features that may be susceptible to cross-site request forgery attacks until a patch is available. Restrict access to sensitive areas of the application to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.