CVE-2024-43169
📋 TL;DR
IBM Engineering Requirements Management DOORS Next versions 7.0.2, 7.0.3, and 7.1 contain a vulnerability that allows users to download malicious files without proper integrity verification. This could lead to arbitrary code execution on affected systems. Organizations using these specific DOORS Next versions are at risk.
💻 Affected Systems
- IBM Engineering Requirements Management DOORS Next
📦 What is this software?
Engineering Requirements Management DOORS Next by IBM
⚠️ Risk & Real-World Impact
Worst Case
Attackers could execute arbitrary code with the privileges of the DOORS Next application, potentially leading to complete system compromise, data theft, or ransomware deployment.
Likely Case
Malicious actors could upload and distribute malware to users through the DOORS Next interface, leading to client-side infections or credential harvesting.
If Mitigated
With proper network segmentation and endpoint protection, impact could be limited to isolated application servers without lateral movement.
🎯 Exploit Status
Requires user interaction to download malicious file; exploitation details not publicly disclosed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Apply interim fix or upgrade to version 7.0.2 iFix003, 7.0.3 iFix003, or 7.1 iFix001
Vendor Advisory: https://www.ibm.com/support/pages/node/7184506
Restart Required: Yes
Instructions:
1. Download appropriate interim fix from IBM Fix Central.
2. Stop DOORS Next services.
3. Apply the fix according to IBM documentation.
4. Restart services.
5. Verify successful installation.
🔧 Temporary Workarounds
Restrict file uploads
All platforms: Configure DOORS Next to restrict file uploads to trusted sources only
Implement file scanning
All platforms: Deploy antivirus/antimalware scanning on DOORS Next server for all uploaded/downloaded files
🧯 If You Can't Patch
- Implement network segmentation to isolate DOORS Next servers from critical systems
- Deploy endpoint detection and response (EDR) solutions on all client machines accessing DOORS Next
🔍 How to Verify
Check if Vulnerable:
Check DOORS Next version via administrative console or by examining installation logs
Check Version:
Check IBM Installation Manager or DOORS Next administrative interface for version information
Verify Fix Applied:
Verify interim fix installation through IBM Installation Manager or check version in administrative console
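Version triage sketch (an added example, not IBM tooling or code from the advisory): it classifies inventory entries against the affected releases and fixed interim-fix levels listed above. The `<release> iFix<NNN>` string format, the hostnames, and the assumption that a higher iFix level includes the fix are all assumptions of this example.

```python
import re

# Minimum interim-fix level carrying the fix, per affected release
# (values taken from the "Official Fix" section of this page).
FIXED_IFIX = {"7.0.2": 3, "7.0.3": 3, "7.1": 1}

# Assumed inventory format: "<release>" optionally followed by "iFix<NNN>".
_VERSION_RE = re.compile(
    r"^\s*(\d+(?:\.\d+)+)(?:\s*iFix\s*(\d+))?\s*$", re.IGNORECASE
)


def classify(version_string):
    """Return 'vulnerable', 'fixed', 'not-listed' or 'unparsed' for one entry."""
    m = _VERSION_RE.match(version_string)
    if not m:
        return "unparsed"  # needs a manual look in Installation Manager
    release, ifix = m.group(1), int(m.group(2) or 0)
    required = FIXED_IFIX.get(release)
    if required is None:
        # Release is not named on this page; consult the vendor advisory.
        return "not-listed"
    # Assumption: interim fixes are cumulative, so level >= required is fixed.
    return "fixed" if ifix >= required else "vulnerable"


def triage(inventory):
    """Map host -> status for a {host: version_string} inventory."""
    return {host: classify(v) for host, v in inventory.items()}


# Constructed sample inventory (hostnames and entries are made up).
SAMPLE = {
    "dn-prod-01": "7.0.2 iFix002",
    "dn-prod-02": "7.0.2 iFix003",
    "dn-test-01": "7.0.3",
    "dn-test-02": "7.1 iFix001",
    "dn-lab-01": "7.0.1 iFix010",
    "dn-lab-02": "unknown build",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host:12} {SAMPLE[host]:16} {status}")
```

Entries reported as `unparsed` or `not-listed` are not cleared by this check and should be confirmed against the vendor advisory.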
📡 Detection & Monitoring
Log Indicators:
- Unusual file download patterns
- Large file transfers from unexpected sources
- Antivirus alerts on DOORS Next server
Network Indicators:
- Unexpected outbound connections from DOORS Next server
- File transfer to suspicious external IPs
SIEM Query:
source="DOORS_Next" AND (event="file_download" OR event="file_upload") AND file_size>100MB