CVE-2014-3037

Published Sep 10, 2014

Last updated 3 months ago

CVSS info 6.0

Overview

Description: Cross-site request forgery (CSRF) vulnerability in IBM Configuration Management Application (aka VVC) in IBM Rational Engineering Lifecycle Manager before 4.0.7 and 5.x before 5.0.1, Rational Software Architect Design Manager before 4.0.7 and 5.x before 5.0.1, and Rational Rhapsody Design Manager before 4.0.7 and 5.x before 5.0.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
Source: psirt@us.ibm.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6
Impact score: 6.4
Exploitability score: 6.8
Vector string: AV:N/AC:M/Au:S/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-352

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7FDAA7F3-B666-485D-B35A-6C095A729D2E",
            "versionEndIncluding": "4.0.6"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AF445BA2-BD53-43FB-BF1E-58510FC4FF3B"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:3.0.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CA18DE5C-904D-4FD0-A479-18314B170ACB"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:3.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "890ABCC2-F417-4E6E-A0A8-7D485FAE3FA1"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "46883130-F370-406C-A8E8-213399F2EE47"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5A13CE71-BEC0-4DEC-9CF7-183672F6729D"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2DB2451D-F31E-4CF6-8E61-2970A4FB174D"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "01A27F4B-0ED9-479F-B91B-FCB514CF1D1B"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EEAF452F-94AB-4857-BCD6-AE5251C61526"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7596E71E-4507-4EFC-ABF9-41D8FD338CC3"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B12D7433-30F0-427F-BF82-0AAD492CE35D"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EFE97777-956C-4D24-866B-520A4315EFBB",
            "versionEndIncluding": "4.06"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5B30003D-1BF8-414D-9D6D-9D1B90D4EBB3"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:1.0.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A6B5AC6B-5DCB-458C-8267-6AF5CC9C3E44"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.03:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B6ECCE2F-893B-496A-AFBE-179A8CC29651"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.04:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "73B56BB0-7779-4FF5-82A9-A81F9813FD00"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.05:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "618EDC12-6763-4AD4-9498-5AF28C8DE0D0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AE1738F8-EECC-46C9-AE0C-46E8E4B2AC5E"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A67F9944-5387-45AF-9FC6-6D04D1CAC5CF",
            "versionEndIncluding": "4.0.6"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6D5C2251-FB5D-4775-BDB8-6115732E6615"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:3.0.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EB05DAD7-F6DB-4441-B9D4-BD0F1BD1DF25"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3FC3B8F6-F9D7-454C-B7A2-732B6708AF04"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B6B4FF44-507B-4F2E-9C7C-4D8A046542D1"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BF1DD60E-3E2C-4F42-9892-B031CB3B570D"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6504477B-9BF5-49F6-8E3A-9B07B30895B8"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C0C4948B-69C4-4CAF-808E-426483ED0622"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1C297440-406F-4508-9D8D-92F79DF91C4A"
          },
          {
            "criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E2654BDE-3134-4653-B472-995B02E9B841"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References