CVE-2018-1587 - OpenCVE

IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 could reveal technical error messages to allow an adversary to gain information about the application and database that could be used to conduct further attacks. IBM X-Force ID: 143500.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Ibm	Rational Rhapsody Design Manager Rational Software Architect Design Manager

Configuration 1 [-]

OR	cpe:2.3:a:ibm:rational_rhapsody_design_manager::::::::
	cpe:2.3:a:ibm:rational_rhapsody_design_manager::::::::
	cpe:2.3:a:ibm:rational_software_architect_design_manager::::::::
	cpe:2.3:a:ibm:rational_software_architect_design_manager::::::::

References

Link	Resource
http://www.ibm.com/support/docview.wss?uid=ibm10716029	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/143500	VDB Entry Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: ibm

Published: 2018-07-16T00:00:00

Updated: 2018-07-19T13:57:01

Reserved: 2017-12-13T00:00:00

Link: CVE-2018-1587

JSON object: View

NVD Information

Status : Modified

Published: 2018-07-19T14:29:00.510

Modified: 2019-10-09T23:38:41.947

Link: CVE-2018-1587

JSON object: View

Redhat Information

No data.

CWE

CWE-200

{"containers": {"cna": {"affected": [{"product": "Rational Software Architect Design Manager", "vendor": "IBM", "versions": [{"status": "affected", "version": "5.0"}, {"status": "affected", "version": "5.0.2"}, {"status": "affected", "version": "5.0.1"}, {"status": "affected", "version": "6.0"}, {"status": "affected", "version": "6.0.1"}]}, {"product": "Rational Rhapsody Design Manager", "vendor": "IBM", "versions": [{"status": "affected", "version": "5.0"}, {"status": "affected", "version": "5.0.2"}, {"status": "affected", "version": "5.0.1"}, {"status": "affected", "version": "6.0"}, {"status": "affected", "version": "6.0.1"}, {"status": "affected", "version": "6.0.2"}, {"status": "affected", "version": "6.0.3"}, {"status": "affected", "version": "6.0.4"}, {"status": "affected", "version": "6.0.5"}]}], "datePublic": "2018-07-16T00:00:00", "descriptions": [{"lang": "en", "value": "IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 could reveal technical error messages to allow an adversary to gain information about the application and database that could be used to conduct further attacks. IBM X-Force ID: 143500."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 3.8, "temporalSeverity": "LOW", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:N/PR:L/S:U/UI:N/E:U/RC:C/RL:O", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Obtain Information", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-07-19T13:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"name": "ibm-rhapsody-cve20181587-info-disc(143500)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/143500"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10716029"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-07-16T00:00:00", "ID": "CVE-2018-1587", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Rational Software Architect Design Manager", "version": {"version_data": [{"version_value": "5.0"}, {"version_value": "5.0.2"}, {"version_value": "5.0.1"}, {"version_value": "6.0"}, {"version_value": "6.0.1"}]}}, {"product_name": "Rational Rhapsody Design Manager", "version": {"version_data": [{"version_value": "5.0"}, {"version_value": "5.0.2"}, {"version_value": "5.0.1"}, {"version_value": "6.0"}, {"version_value": "6.0.1"}, {"version_value": "6.0.2"}, {"version_value": "6.0.3"}, {"version_value": "6.0.4"}, {"version_value": "6.0.5"}]}}]}, "vendor_name": "IBM"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 could reveal technical error messages to allow an adversary to gain information about the application and database that could be used to conduct further attacks. IBM X-Force ID: 143500."}]}, "impact": {"cvssv3": {"BM": {"A": "N", "AC": "L", "AV": "N", "C": "L", "I": "N", "PR": "L", "S": "U", "UI": "N"}, "TM": {"E": "U", "RC": "C", "RL": "O"}}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Obtain Information"}]}]}, "references": {"reference_data": [{"name": "ibm-rhapsody-cve20181587-info-disc(143500)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/143500"}, {"name": "http://www.ibm.com/support/docview.wss?uid=ibm10716029", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=ibm10716029"}]}}}}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1587", "datePublished": "2018-07-16T00:00:00", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2018-07-19T13:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "B07DA35D-2527-4DE8-97F1-9FC1C48255EE", "versionEndIncluding": "5.0.2", "versionStartIncluding": "5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "1B2601D1-4D55-4B4A-9CED-CF736270E63F", "versionEndIncluding": "6.0.5", "versionStartIncluding": "6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "1113669B-B338-4ABD-9A34-B57880020C84", "versionEndIncluding": "5.0.2", "versionStartIncluding": "5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "A237ED01-A834-46B3-9396-6BA0EFF2B27A", "versionEndIncluding": "6.0.1", "versionStartIncluding": "6.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 could reveal technical error messages to allow an adversary to gain information about the application and database that could be used to conduct further attacks. IBM X-Force ID: 143500."}, {"lang": "es", "value": "IBM Rational Rhapsody Design Manager desde la versi\u00f3n 5.0 hasta la 5.0.2 y desde la versi\u00f3n 6.0 hasta la 6.0.5 y IBM Rational Software Architect Design Manager desde la versi\u00f3n 5.0 hasta la 5.0.2 y desde la versi\u00f3n 6.0 hasta la 6.0.1 podr\u00edan revelar mensajes de error t\u00e9cnico para permitir que un adversario obtenga informaci\u00f3n sobre la aplicaci\u00f3n y la base de datos que pueda emplearse para llevar a cabo m\u00e1s ataques. IBM X-Force ID: 143500."}], "id": "CVE-2018-1587", "lastModified": "2019-10-09T23:38:41.947", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Secondary"}]}, "published": "2018-07-19T14:29:00.510", "references": [{"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10716029"}, {"source": "psirt@us.ibm.com", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/143500"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}