IBM has issued an urgent security bulletin regarding two critical vulnerabilities affecting its Engineering Requirements Management DOORS Next software. Identified as CVE-2024-41779 and CVE-2024-41787, these flaws pose significant risks, including remote code execution and security bypass.
The two vulnerabilities, both rated with a CVSS Base Score of 9.8, reflect severe risks to organizations relying on IBM’s DOORS Next and Rhapsody Model Manager software for engineering requirements management and systems design. According to IBM’s bulletin:
- CVE-2024-41787 (Race Condition Servlet): IBM Engineering Requirements Management DOORS Next could allow a remote attacker to bypass security restrictions, caused by a race condition. By sending a specially crafted request, an attacker could exploit this vulnerability to remotely execute code.
- CVE-2024-41779 (Race Condition Format Flaw): IBM Engineering Systems Design Rhapsody – Model Manager 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition. By sending a specially crafted request, an attacker could exploit this vulnerability to remotely execute code.
These vulnerabilities affect versions 7.0.2 and 7.0.3 of DOORS Next, with no available workarounds or mitigations. The potential for exploitation underscores the urgency of addressing these flaws promptly.
IBM strongly advises its users to apply the provided fixes immediately. Specific actions include:
Organizations can download the necessary fixes directly from IBM’s Fix Central, ensuring they address these vulnerabilities effectively.