CVE-2024-43190
BaseFortify
Publication date: 2025-07-07
Last updated on: 2025-08-20
Assigner: IBM Corporation
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | engineering_requirements_management_doors | From 9.6 (inc) to 9.6.1.13 (inc) |
| ibm | engineering_requirements_management_doors | 9.7.2.9 |
| ibm | engineering_requirements_management_doors_web_access | From 9.6 (inc) to 9.6.1.13 (inc) |
| ibm | engineering_requirements_management_doors_web_access | 9.7.2.9 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-640 | The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak. |
AI Powered Q&A
How can this vulnerability impact me?
An attacker exploiting this vulnerability could intercept password reset instructions, potentially allowing unauthorized access to user accounts by resetting passwords without the user's consent.
What immediate steps should I take to mitigate this vulnerability?
The recommended immediate step to mitigate this vulnerability is to upgrade IBM Engineering Requirements Management DOORS/DWA to version 9.7.2.10, which contains fixes for CVE-2024-43190 and other vulnerabilities. [1]
Can you explain this vulnerability to me?
IBM Engineering Requirements Management DOORS version 9.7.2.9 has a vulnerability that, under certain configurations, allows a remote attacker to use man-in-the-middle techniques to obtain password reset instructions intended for a legitimate user.