CVE-2014-3037
Published Sep 10, 2014
Last updated 7 years ago
Overview
- Description
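- Cross-site request forgery (CSRF) vulnerability in IBM Configuration Management Application (aka VVC) in IBM Rational Engineering Lifecycle Manager before 4.0.7 and 5.x before 5.0.1, Rational Software Architect Design Manager before 4.0.7 and 5.x before 5.0.1, and Rational Rhapsody Design Manager before 4.0.7 and 5.x before 5.0.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. Put differently, the weakness is the missing request-origin validation (CWE-352), and script insertion is the impact of a forged request; per the version bounds above, the issue is addressed in 4.0.7 and 5.0.1 of each affected product.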
- Source
- psirt@us.ibm.com
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6
- Impact score
- 6.4
- Exploitability score
- 6.8
- Vector string
- AV:N/AC:M/Au:S/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-352
Configurations
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7FDAA7F3-B666-485D-B35A-6C095A729D2E", "versionEndIncluding": "4.0.6" }, { "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF445BA2-BD53-43FB-BF1E-58510FC4FF3B" }, { "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:3.0.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA18DE5C-904D-4FD0-A479-18314B170ACB" }, { "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:3.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "890ABCC2-F417-4E6E-A0A8-7D485FAE3FA1" }, { "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46883130-F370-406C-A8E8-213399F2EE47" }, { "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A13CE71-BEC0-4DEC-9CF7-183672F6729D" }, { "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2DB2451D-F31E-4CF6-8E61-2970A4FB174D" }, { "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "01A27F4B-0ED9-479F-B91B-FCB514CF1D1B" }, { "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EEAF452F-94AB-4857-BCD6-AE5251C61526" }, { "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7596E71E-4507-4EFC-ABF9-41D8FD338CC3" }, { "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B12D7433-30F0-427F-BF82-0AAD492CE35D" } ], "operator": "OR" } ] }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": 
"cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EFE97777-956C-4D24-866B-520A4315EFBB", "versionEndIncluding": "4.06" }, { "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B30003D-1BF8-414D-9D6D-9D1B90D4EBB3" }, { "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:1.0.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A6B5AC6B-5DCB-458C-8267-6AF5CC9C3E44" }, { "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.03:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B6ECCE2F-893B-496A-AFBE-179A8CC29651" }, { "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "73B56BB0-7779-4FF5-82A9-A81F9813FD00" }, { "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.05:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "618EDC12-6763-4AD4-9498-5AF28C8DE0D0" }, { "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE1738F8-EECC-46C9-AE0C-46E8E4B2AC5E" } ], "operator": "OR" } ] }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A67F9944-5387-45AF-9FC6-6D04D1CAC5CF", "versionEndIncluding": "4.0.6" }, { "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D5C2251-FB5D-4775-BDB8-6115732E6615" }, { "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:3.0.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB05DAD7-F6DB-4441-B9D4-BD0F1BD1DF25" }, { "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": 
"3FC3B8F6-F9D7-454C-B7A2-732B6708AF04" }, { "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B6B4FF44-507B-4F2E-9C7C-4D8A046542D1" }, { "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF1DD60E-3E2C-4F42-9892-B031CB3B570D" }, { "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6504477B-9BF5-49F6-8E3A-9B07B30895B8" }, { "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0C4948B-69C4-4CAF-808E-426483ED0622" }, { "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C297440-406F-4508-9D8D-92F79DF91C4A" }, { "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E2654BDE-3134-4653-B472-995B02E9B841" } ], "operator": "OR" } ] } ]