CVE-2024-41787

Critical

Published: 10 January 2025

Published

10 January 2025

Modified

20 August 2025

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0002 6.5th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition. By sending a specially crafted request, an attacker could exploit this vulnerability to remotely execute code.

Security Summary

IBM Engineering Requirements Management DOORS Next versions 7.0.2 and 7.0.3 are affected by CVE-2024-41787, a critical vulnerability (CVSS 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) stemming from a race condition (CWE-367). This flaw enables a remote attacker to bypass security restrictions by sending a specially crafted request, potentially leading to remote code execution.

The vulnerability can be exploited by any unauthenticated remote attacker over the network with low complexity and no user interaction required. Successful exploitation grants high-impact access, allowing the attacker to achieve full confidentiality, integrity, and availability compromise on the targeted system.

For mitigation details, refer to the official IBM advisory at https://www.ibm.com/support/pages/node/7180636, which outlines available patches and remediation steps.

Details

CWE(s): CWE-367

Affected Products

ibm

doors next

7.0.2, 7.0.3

References

https://www.ibm.com/support/pages/node/7180636
Vendor Advisory · psirt@us.ibm.com