{"id": "CVE-2014-3037", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2014-09-10T10:55:07.113", "references": [{"url": "http://secunia.com/advisories/60649", "source": "psirt@us.ibm.com"}, {"url": "http://secunia.com/advisories/61071", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682120", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "http://www.securityfocus.com/bid/69658", "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93303", "source": "psirt@us.ibm.com"}, {"url": "http://secunia.com/advisories/60649", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/61071", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682120", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/69658", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93303", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in IBM Configuration 
Management Application (aka VVC) in IBM Rational Engineering Lifecycle Manager before 4.0.7 and 5.x before 5.0.1, Rational Software Architect Design Manager before 4.0.7 and 5.x before 5.0.1, and Rational Rhapsody Design Manager before 4.0.7 and 5.x before 5.0.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences."}, {"lang": "es", "value": "Vulnerabilidad de CSRF en IBM Configuration Management Application (tambi\u00e9n conocido como VVC) en IBM Rational Engineering Lifecycle Manager anterior a 4.0.7 y 5.x anterior a 5.0.1, Rational Software Architect Design Manager anterior a 4.0.7 y 5.x anterior a 5.0.1, y Rational Rhapsody Design Manager anterior a 4.0.7 y 5.x anterior a 5.0.1 permite a usuarios remotos autenticados secuestrar la autenticaci\u00f3n de usuarios arbitrarios para solicitudes que insertan secuencias de XSS."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7FDAA7F3-B666-485D-B35A-6C095A729D2E", "versionEndIncluding": "4.0.6"}, {"criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF445BA2-BD53-43FB-BF1E-58510FC4FF3B"}, {"criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:3.0.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA18DE5C-904D-4FD0-A479-18314B170ACB"}, {"criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:3.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "890ABCC2-F417-4E6E-A0A8-7D485FAE3FA1"}, {"criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46883130-F370-406C-A8E8-213399F2EE47"}, {"criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": 
"5A13CE71-BEC0-4DEC-9CF7-183672F6729D"}, {"criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2DB2451D-F31E-4CF6-8E61-2970A4FB174D"}, {"criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "01A27F4B-0ED9-479F-B91B-FCB514CF1D1B"}, {"criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EEAF452F-94AB-4857-BCD6-AE5251C61526"}, {"criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7596E71E-4507-4EFC-ABF9-41D8FD338CC3"}, {"criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B12D7433-30F0-427F-BF82-0AAD492CE35D"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EFE97777-956C-4D24-866B-520A4315EFBB", "versionEndIncluding": "4.06"}, {"criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B30003D-1BF8-414D-9D6D-9D1B90D4EBB3"}, {"criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:1.0.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A6B5AC6B-5DCB-458C-8267-6AF5CC9C3E44"}, {"criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.03:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B6ECCE2F-893B-496A-AFBE-179A8CC29651"}, {"criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "73B56BB0-7779-4FF5-82A9-A81F9813FD00"}, {"criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.05:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "618EDC12-6763-4AD4-9498-5AF28C8DE0D0"}, {"criteria": 
"cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE1738F8-EECC-46C9-AE0C-46E8E4B2AC5E"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A67F9944-5387-45AF-9FC6-6D04D1CAC5CF", "versionEndIncluding": "4.0.6"}, {"criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D5C2251-FB5D-4775-BDB8-6115732E6615"}, {"criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:3.0.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB05DAD7-F6DB-4441-B9D4-BD0F1BD1DF25"}, {"criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3FC3B8F6-F9D7-454C-B7A2-732B6708AF04"}, {"criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B6B4FF44-507B-4F2E-9C7C-4D8A046542D1"}, {"criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF1DD60E-3E2C-4F42-9892-B031CB3B570D"}, {"criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6504477B-9BF5-49F6-8E3A-9B07B30895B8"}, {"criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0C4948B-69C4-4CAF-808E-426483ED0622"}, {"criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C297440-406F-4508-9D8D-92F79DF91C4A"}, {"criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E2654BDE-3134-4653-B472-995B02E9B841"}], "operator": "OR"}]}], 
"sourceIdentifier": "psirt@us.ibm.com"}