History: Jun 17, 2018 - 5:19 a.m.

Security Bulletin: Vulnerability in Rational Rhapsody Design Manager with potential for Denial of Service attack

www.ibm.com

EPSS: 0.001 (percentile 49.7%)

Summary

IBM Rhapsody Design Manager is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data.

Vulnerability Details

CVEID: CVE-2016-8974
DESCRIPTION: IBM Rhapsody DM is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources.
CVSS Base Score: 7.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118911 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L)
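The two outcomes described for CVE-2016-8974 (data exposure through an external entity, memory exhaustion through entity expansion) both depend on the XML parser honouring a DTD supplied by the caller. Below is an added example, not code from the IBM bulletin or from the Rhapsody product, showing the parser-level hardening that closes both: a wrapper around Python's expat parser (chosen for illustration; the page shows no product code) that rejects any DOCTYPE and any external entity reference before expansion, exercised against constructed benign, external-entity and entity-expansion samples.

```python
import xml.parsers.expat as expat

class UnsafeXmlError(ValueError):
    """Raised when untrusted XML carries a DTD or an external entity reference."""

def parse_untrusted_xml(data: bytes) -> dict:
    """Parse untrusted XML with DTD processing refused.

    Returns {"root": tag, "elements": count}; raises UnsafeXmlError on the
    first DOCTYPE or external entity reference, before anything is expanded.
    """
    summary = {"root": None, "elements": 0}
    parser = expat.ParserCreate()
    # Parameter entities live in external DTDs; never load them.
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # External entities (data exposure) and nested internal entities (memory
        # exhaustion) are both declared in a DOCTYPE; untrusted input gets none.
        raise UnsafeXmlError(f"DOCTYPE {name!r} rejected: DTDs are not allowed")

    def on_external_entity(context, base, system_id, public_id):
        # Defence in depth: never fetch an external entity, whatever declared it.
        raise UnsafeXmlError(f"external entity {system_id!r} rejected")

    def on_start_element(tag, attrs):
        if summary["root"] is None:
            summary["root"] = tag
        summary["elements"] += 1

    parser.StartDoctypeDeclHandler = on_doctype
    parser.ExternalEntityRefHandler = on_external_entity
    parser.StartElementHandler = on_start_element
    parser.Parse(data, True)  # exceptions raised in handlers propagate from here
    return summary

def is_accepted(data: bytes) -> bool:
    """True if the document parses under the hardened settings, False if refused."""
    try:
        parse_untrusted_xml(data)
        return True
    except UnsafeXmlError:
        return False

# Constructed samples, not taken from the bulletin: a plain model document, an external
# entity pointing at a placeholder path, and nested internal entities that multiply in size.
BENIGN = b"<model><block name='Engine'/><block name='Sensor'/></model>"
XXE_SAMPLE = b'<!DOCTYPE model [<!ENTITY ext SYSTEM "file:///PLACEHOLDER">]><model>&ext;</model>'
EXPANSION_SAMPLE = b'<!DOCTYPE m [<!ENTITY a "xxxx"><!ENTITY b "&a;&a;&a;&a;">]><m>&b;</m>'
```

The same policy in a Java service would be the `disallow-doctype-decl` feature on the DocumentBuilderFactory or SAX parser, plus disabling external general and parameter entities.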

CVEID: CVE-2015-7485
DESCRIPTION: IBM Jazz technology based products are vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/108626 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

Rational Rhapsody Design Manager 4.0 - 4.0.7
Rational Rhapsody Design Manager 5.0 - 5.0.2
Rational Rhapsody Design Manager 6.0 - 6.0.2

Design Manager 6.0.3 is not affected.

Remediation/Fixes

For the 6.0.2 releases, upgrade to version 6.0.2 iFix8 or later
<https://jazz.net/downloads/design-management/releases/6.0.2iFix8>

For the 5.x releases, upgrade to version 5.0.2 iFix19 or later
<https://jazz.net/downloads/design-management/releases/5.0.2iFix19>

Workarounds and Mitigations

For 4.0.7 and any prior versions of the products listed above, IBM recommends upgrading to 5.0.2, 6.0.2, or 6.0.3.

