CVE-2024-43190

IBM Engineering Requirements Management DOORS 9.7.2.9, under certain configurations, could allow a remote attacker to obtain password reset instructions of a legitimate user using man in the middle techniques.

CVSS v3 5.9 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7238992

Configurations

No configuration.

History

08 Jul 2025, 16:18

Type	Values Removed	Values Added
Summary		(es) IBM Engineering Requirements Management DOORS 9.7.2.9, bajo ciertas configuraciones, podría permitir que un atacante remoto obtenga instrucciones de restablecimiento de contraseña de un usuario legítimo utilizando técnicas de intermediario.

07 Jul 2025, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-07 18:15

Updated : 2025-07-08 16:18

NVD link : CVE-2024-43190

Mitre link : CVE-2024-43190

CVE.ORG link : CVE-2024-43190

JSON object : View

Products Affected

No product.

CWE

CWE-640

Weak Password Recovery Mechanism for Forgotten Password

5.9 /10