Detections
Analytics

IBM Rational Software Architect Design Manager and Rhapsody Design Manager < 4.0.7 Unspecified Vulnerability

medium Nessus Plugin ID 77604

Language:

Synopsis

The remote host is affected by an unspecified vulnerability.

Description

The remote host is running a version of IBM Rational Software Architect Design Manager or IBM Rhapsody Design Manager that is affected by the following vulnerabilities :

 - An unspecified vulnerability exists that allows a remote, authenticated attacker to provision an arbitrary update site into the Design Manager code. Only Rational Software Architect Design Manager 4.0.6 is affected by this vulnerability. (CVE-2014-0947)

 - An unspecified vulnerability exists that allows a remote, authenticated attacker to upload malicious ZIP files. (CVE-2014-0948)

Solution

Upgrade to IBM Rational Software Architect Design Manager / Rhapsody Design Manager version 4.0.7 or later.

See Also

http://www-01.ibm.com/support/docview.wss?uid=swg21678323

Plugin Details

Severity: Medium

ID: 77604

File Name: ibm_rational_swg21678323.nasl

Version: 1.3

Type: local

Family: Misc.

Published: 9/10/2014

Updated: 10/23/2024

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: Medium

Base Score: 6

Temporal Score: 4.4

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:ibm:rational_software_architect_design_manager, cpe:/a:ibm:rhapsody_design_manager

Exploit Ease: No known exploits are available

Patch Publication Date: 7/18/2014

Vulnerability Publication Date: 7/18/2014

Reference Information

CVE: CVE-2014-0947, CVE-2014-0948

BID: 68785, 68786