CVE-2025-13734 - Vulnerability Details - OpenCVE

IBM Engineering Requirements Management DOORS Next 7.1, and 7.2 could allow an authenticated user to view and edit data beyond their authorized access permissions.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Engineering Requirements Management Doors Next

No data.

No data.

No data.

References

Link	Providers
https://www.ibm.com/support/pages/node/7261900

History

Tue, 03 Mar 2026 20:00:00 +0000

Type	Values Removed	Values Added
Description		IBM Engineering Requirements Management DOORS Next 7.1, and 7.2 could allow an authenticated user to view and edit data beyond their authorized access permissions.
Title		IBM Engineering Requirements Management DOORS Next could allow an authenticated user to access and modify data beyond authorized permissions
First Time appeared		Ibm Ibm engineering Requirements Management Doors Next
Weaknesses		CWE-862
CPEs		cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.1.0:::::::* cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.1:::::::* cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.2.0:::::::* cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.2:::::::*
Vendors & Products		Ibm Ibm engineering Requirements Management Doors Next
References		https://www.ibm.com/support/pages/node/7261900
Metrics		cvssV3_1 `{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N'}`

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2026-03-03T19:51:48.142Z

Updated: 2026-03-03T19:51:48.142Z

Reserved: 2025-11-26T02:11:54.076Z

Link: CVE-2025-13734

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-03-03T20:16:42.427

Modified: 2026-03-03T21:52:29.877

Link: CVE-2025-13734

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-13734", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2025-11-26T02:11:54.076Z", "datePublished": "2026-03-03T19:51:48.142Z", "dateUpdated": "2026-03-03T19:51:48.142Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.2.0:*:*:*:*:*:*:*"], "product": "Engineering Requirements Management DOORS Next", "vendor": "IBM", "versions": [{"lessThanOrEqual": "rage Scale 5.2.3.0 - 5.2.3.5", "status": "affected", "version": "7.1", "versionType": "semver"}, {"lessThanOrEqual": "rage Scale 6.0.0.0 - 6.0.0.1", "status": "affected", "version": "7.2", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Acknowledgement The vulnerability was reported to IBM by: Peter Backlund, Hunter Dyer, Todd Fine, Gary Huang, Dorota Kopczyk, Charles Nove, Addison Shuppy, George Thompson, Sandia National Laboratories"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>IBM Engineering Requirements Management DOORS Next 7.1, and 7.2 could allow an authenticated user to view and edit data beyond their authorized access permissions.</p>"}], "value": "IBM Engineering Requirements Management DOORS Next 7.1, and 7.2 could allow an authenticated user to view and edit data beyond their authorized access permissions."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2026-03-03T19:51:48.142Z"}, "references": [{"tags": ["vendor-advisory", "patch"], "url": "https://www.ibm.com/support/pages/node/7261900"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>IBM strongly recommends addressing the vulnerabilities now by taking the actions documented in this bulletin. For IBM Engineering Requirements Management DOORS Next 7.1, install ifix 08 or newer. For IBM Engineering Requirements Management DOORS Next 7.2, install ifix 01 or newer.</p>"}], "value": "IBM strongly recommends addressing the vulnerabilities now by taking the actions documented in this bulletin. For IBM Engineering Requirements Management DOORS Next 7.1, install ifix 08 or newer. For IBM Engineering Requirements Management DOORS Next 7.2, install ifix 01 or newer."}], "title": "IBM Engineering Requirements Management DOORS Next could allow an authenticated user to access and modify data beyond authorized permissions", "x_generator": {"engine": "ibm-cvegen"}}}}