CVE-2018-1587 — Sensitive Information Exposure in IBM Rational Rhapsody Design Manager

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.2%

top 64.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Rational Rhapsody Design Manager IBM Rational Software Architect Design Manager

Timeline

PublishedJul 19

Latest updateMay 13

Description

IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 could reveal technical error messages to allow an adversary to gain information about the application and database that could be used to conduct further attacks. IBM X-Force ID: 143500.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages4 packages

▶NVDibm/rational_software_architect_design_manager5.0 — 5.0.2+1

▶CVEListV5ibm/rational_software_architect_design_manager5 versions+4

▶NVDibm/rational_rhapsody_design_manager5.0 — 5.0.2+1

▶CVEListV5ibm/rational_rhapsody_design_manager9 versions+8

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-r5f8-2fjh-jh7c: IBM Rational Rhapsody Design Manager 5↗2022-05-13

▶

CVEList

CVE-2018-1587: IBM Rational Rhapsody Design Manager 5↗2018-07-19

▶