Lucene search

IbmCVE-2014-3037

HistorySep 10, 2014 - 10:55 a.m.

CVE-2014-3037

2014-09-1010:55:07

CWE-352

ibm

web.nvd.nist.gov

ibm

configuration management application

csrf

vulnerability

xss

remote hijacking

authentication

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

35.1%

JSON

Cross-site request forgery (CSRF) vulnerability in IBM Configuration Management Application (aka VVC) in IBM Rational Engineering Lifecycle Manager before 4.0.7 and 5.x before 5.0.1, Rational Software Architect Design Manager before 4.0.7 and 5.x before 5.0.1, and Rational Rhapsody Design Manager before 4.0.7 and 5.x before 5.0.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Affected configurations

Nvd

Node

ibmrational_rhapsody_design_managerRange≤4.0.6

ibmrational_rhapsody_design_managerMatch3.0

ibmrational_rhapsody_design_managerMatch3.0.0.1

ibmrational_rhapsody_design_managerMatch3.0.1

ibmrational_rhapsody_design_managerMatch4.0

ibmrational_rhapsody_design_managerMatch4.0.1

ibmrational_rhapsody_design_managerMatch4.0.2

ibmrational_rhapsody_design_managerMatch4.0.3

ibmrational_rhapsody_design_managerMatch4.0.4

ibmrational_rhapsody_design_managerMatch4.0.5

ibmrational_rhapsody_design_managerMatch5.0

Node

ibmrational_engineering_lifecycle_managerRange≤4.06

ibmrational_engineering_lifecycle_managerMatch1.0

ibmrational_engineering_lifecycle_managerMatch1.0.0.1

ibmrational_engineering_lifecycle_managerMatch4.03

ibmrational_engineering_lifecycle_managerMatch4.04

ibmrational_engineering_lifecycle_managerMatch4.05

ibmrational_engineering_lifecycle_managerMatch5.0

Node

ibmrational_software_architect_design_managerRange≤4.0.6

ibmrational_software_architect_design_managerMatch3.0

ibmrational_software_architect_design_managerMatch3.0.0.1

ibmrational_software_architect_design_managerMatch4.0.0

ibmrational_software_architect_design_managerMatch4.0.1

ibmrational_software_architect_design_managerMatch4.0.2

ibmrational_software_architect_design_managerMatch4.0.3

ibmrational_software_architect_design_managerMatch4.0.4

ibmrational_software_architect_design_managerMatch4.0.5

ibmrational_software_architect_design_managerMatch5.0

VendorProductVersionCPE
ibmrational_rhapsody_design_manager*cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*
ibmrational_rhapsody_design_manager3.0cpe:2.3:a:ibm:rational_rhapsody_design_manager:3.0:*:*:*:*:*:*:*
ibmrational_rhapsody_design_manager3.0.0.1cpe:2.3:a:ibm:rational_rhapsody_design_manager:3.0.0.1:*:*:*:*:*:*:*
ibmrational_rhapsody_design_manager3.0.1cpe:2.3:a:ibm:rational_rhapsody_design_manager:3.0.1:*:*:*:*:*:*:*
ibmrational_rhapsody_design_manager4.0cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0:*:*:*:*:*:*:*
ibmrational_rhapsody_design_manager4.0.1cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.1:*:*:*:*:*:*:*
ibmrational_rhapsody_design_manager4.0.2cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.2:*:*:*:*:*:*:*
ibmrational_rhapsody_design_manager4.0.3cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.3:*:*:*:*:*:*:*
ibmrational_rhapsody_design_manager4.0.4cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.4:*:*:*:*:*:*:*
ibmrational_rhapsody_design_manager4.0.5cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	rational_rhapsody_design_manager	*	cpe:2.3:a:ibm:rational_rhapsody_design_manager::::::::
ibm	rational_rhapsody_design_manager	3.0	cpe:2.3:a:ibm:rational_rhapsody_design_manager:3.0:::::::*
ibm	rational_rhapsody_design_manager	3.0.0.1	cpe:2.3:a:ibm:rational_rhapsody_design_manager:3.0.0.1:::::::*
ibm	rational_rhapsody_design_manager	3.0.1	cpe:2.3:a:ibm:rational_rhapsody_design_manager:3.0.1:::::::*
ibm	rational_rhapsody_design_manager	4.0	cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0:::::::*
ibm	rational_rhapsody_design_manager	4.0.1	cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.1:::::::*
ibm	rational_rhapsody_design_manager	4.0.2	cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.2:::::::*
ibm	rational_rhapsody_design_manager	4.0.3	cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.3:::::::*
ibm	rational_rhapsody_design_manager	4.0.4	cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.4:::::::*
ibm	rational_rhapsody_design_manager	4.0.5	cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.5:::::::*

Rows per page:

1-10 of 281

References

secunia.com/advisories/60649

secunia.com/advisories/61071

www-01.ibm.com/support/docview.wss?uid=swg21682120

www.securityfocus.com/bid/69658

exchange.xforce.ibmcloud.com/vulnerabilities/93303

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

35.1%

JSON

Related for CVE-2014-3037