High Severity
Security Bulletin: IBM Engineering Requirements Management DOORS Next is vulnerable to XML external entity (XXE) attacks due to FasterXML Jackson Databind (CVE-2020-25649)
May 3, 2022
IBM Engineering Requirements Management DOORS Next is vulnerable to CVE-2020-25649 due to FasterXML Jackson Databind. FasterXML Jackson Databind is used by IBM Engineering Requirements Management DOORS Next for data mapping between JSON and Java objects. The fix includes FasterXML Jackson Databind v2.12.4.
CVE(s): CVE-2020-25649
Affected product(s) and affected version(s):
| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Engineering Requirements Management DOORS Next | 7.0.2 |
| IBM Engineering Requirements Management DOORS Next | 7.0 |
| IBM Engineering Requirements Management DOORS Next | 7.0.1 |
| IBM Rational DOORS Next Generation | 6.0.6.1 |
| IBM Rational DOORS Next Generation | 6.0.6 |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6579485
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/192648