CVE-2017-1240Sensitive Information Exposure in IBM Rational Rhapsody Design Manager

CWE-200Sensitive Information ExposureCWE-1240Use of a Cryptographic Primitive with a Risky Implementation4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.2%
top 60.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
IBM Rational Collaborative Lifecycle ManagementIBM Rational Doors Next GenerationIBM Rational Engineering Lifecycle Manager+4 more
Timeline
PublishedNov 27
Latest updateMay 17

Description

IBM Rhapsody DM products could reveal sensitive information in HTTP 500 Internal Server Error responses. IBM X-Force ID: 124359.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages8 packages

NVDibm/rational_team_concert18 versions+17
NVDibm/rational_quality_manager18 versions+17

🔴Vulnerability Details

3
GHSA
GHSA-2hjg-g7x8-jf42: IBM Rhapsody DM products could reveal sensitive information in HTTP 500 Internal Server Error responses2022-05-17
GHSA
scalarmult() vulnerable to degenerate public keys2021-08-25
CVEList
CVE-2017-1240: IBM Rhapsody DM products could reveal sensitive information in HTTP 500 Internal Server Error responses2017-11-27
CVE-2017-1240 — Sensitive Information Exposure in IBM | cvebase