CVE-2014-3037Cross-Site Request Forgery in IBM Rational Engineering Lifecycle Manager

CWE-352Cross-Site Request Forgery3 documents3 sources
Severity
6.0MEDIUMNVD
EPSS
0.1%
top 66.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
IBM Rational Engineering Lifecycle ManagerIBM Rational Rhapsody Design ManagerIBM Rational Software Architect Design Manager
Timeline
PublishedSep 10
Latest updateMay 17

Description

Cross-site request forgery (CSRF) vulnerability in IBM Configuration Management Application (aka VVC) in IBM Rational Engineering Lifecycle Manager before 4.0.7 and 5.x before 5.0.1, Rational Software Architect Design Manager before 4.0.7 and 5.x before 5.0.1, and Rational Rhapsody Design Manager before 4.0.7 and 5.x before 5.0.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 6.8 | Impact: 6.4

Affected Packages3 packages

Patches

Patch: www-01.ibm.comPatch: www-01.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-qpv4-vjrh-xmhc: Cross-site request forgery (CSRF) vulnerability in IBM Configuration Management Application (aka VVC) in IBM Rational Engineering Lifecycle Manager be2022-05-17
CVEList
CVE-2014-3037: Cross-site request forgery (CSRF) vulnerability in IBM Configuration Management Application (aka VVC) in IBM Rational Engineering Lifecycle Manager be2014-09-10
CVE-2014-3037 — Cross-Site Request Forgery in IBM | cvebase