CVE-2017-1700

IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect (RSA DM) could allow an authenticated user to cause a denial of service due to incorrect authorization for resource intensive scenarios. IBM X-Force ID: 134392.

CVSS v3 6.5 MEDIUM
CVSS v2.0 4.0 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector : AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:N/I:N/A:P

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://www.ibm.com/support/docview.wss?uid=swg22015635	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/134392	VDB Entry Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=swg22015635	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/134392	VDB Entry Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:rational_collaborative_lifecycle_management::::::::
	cpe:2.3:a:ibm:rational_doors_next_generation::::::::
	cpe:2.3:a:ibm:rational_doors_next_generation::::::::
	cpe:2.3:a:ibm:rational_engineering_lifecycle_manager::::::::
	cpe:2.3:a:ibm:rational_engineering_lifecycle_manager::::::::
	cpe:2.3:a:ibm:rational_quality_manager::::::::
	cpe:2.3:a:ibm:rational_quality_manager::::::::
	cpe:2.3:a:ibm:rational_rhapsody_design_manager::::::::
	cpe:2.3:a:ibm:rational_rhapsody_design_manager::::::::
	cpe:2.3:a:ibm:rational_software_architect_design_manager::::::::
	cpe:2.3:a:ibm:rational_software_architect_design_manager::::::::
	cpe:2.3:a:ibm:rational_team_concert::::::::
	cpe:2.3:a:ibm:rational_team_concert::::::::

History

21 Nov 2024, 03:22

Type	Values Removed	Values Added
References	~~() http://www.ibm.com/support/docview.wss?uid=swg22015635 - Vendor Advisory~~	() http://www.ibm.com/support/docview.wss?uid=swg22015635 - Vendor Advisory
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/134392 - VDB Entry, Vendor Advisory~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/134392 - VDB Entry, Vendor Advisory

Information

Published : 2018-04-24 14:29

Updated : 2024-11-21 03:22

NVD link : CVE-2017-1700

Mitre link : CVE-2017-1700

CVE.ORG link : CVE-2017-1700

JSON object : View

Products Affected

ibm

rational_team_concert
rational_software_architect_design_manager
rational_rhapsody_design_manager
rational_engineering_lifecycle_manager
rational_collaborative_lifecycle_management
rational_doors_next_generation
rational_quality_manager

CWE

CWE-863

Incorrect Authorization

{"id": "CVE-2017-1700", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2018-04-24T14:29:00.233", "references": [{"url": "http://www.ibm.com/support/docview.wss?uid=swg22015635", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134392", "tags": ["VDB Entry", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "http://www.ibm.com/support/docview.wss?uid=swg22015635", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134392", "tags": ["VDB Entry", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect (RSA DM) could allow an authenticated user to cause a denial of service due to incorrect authorization for resource intensive scenarios. IBM X-Force ID: 134392."}, {"lang": "es", "value": "IBM Jazz Team Server afecta a los siguientes productos IBM Rational: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM) y Rational Software Architect (RSA DM), que podr\u00edan permitir que un usuario autenticado provoque una denegaci\u00f3n de servicio (DoS) debido a la autorizaci\u00f3n incorrecta para los escenarios que emplean una cantidad intensa de recursos. IBM X-Force ID: 134392."}], "lastModified": "2024-11-21T03:22:14.527", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "50F8C5C0-7688-42E8-862B-3CB138274858", "versionEndIncluding": "6.0.5", "versionStartExcluding": "5.0"}, {"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E64000F3-395D-4826-92DD-DB2489470462", "versionEndIncluding": "5.0.2", "versionStartIncluding": "5.0"}, {"criteria": "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE15C4BA-1322-4EF3-83D3-F78B9D37E81C", "versionEndIncluding": "6.0.5", "versionStartIncluding": "6.0"}, {"criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F767CA4-A024-44A4-A987-17057E1A6245", "versionEndIncluding": "5.0.2", "versionStartIncluding": "5.0"}, {"criteria": "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B398352-76E1-4727-B34C-620F26CBD5BF", "versionEndIncluding": "6.0.5", "versionStartIncluding": "6.0"}, {"criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "886BE49D-114F-4BF7-BE5C-2EEFA44CAFD6", "versionEndIncluding": "5.0.2", "versionStartIncluding": "5.0"}, {"criteria": "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1428CCDC-D542-4983-B035-66FC28E5FF6A", "versionEndIncluding": "6.0.5", "versionStartIncluding": "6.0"}, {"criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B07DA35D-2527-4DE8-97F1-9FC1C48255EE", "versionEndIncluding": "5.0.2", "versionStartIncluding": "5.0"}, {"criteria": "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B2601D1-4D55-4B4A-9CED-CF736270E63F", "versionEndIncluding": "6.0.5", "versionStartIncluding": "6.0"}, {"criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1113669B-B338-4ABD-9A34-B57880020C84", "versionEndIncluding": "5.0.2", "versionStartIncluding": "5.0"}, {"criteria": "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A237ED01-A834-46B3-9396-6BA0EFF2B27A", "versionEndIncluding": "6.0.1", "versionStartIncluding": "6.0"}, {"criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A559F0D7-DFB9-4CBB-8F64-EE7FE1B4DFE5", "versionEndIncluding": "5.0.2", "versionStartIncluding": "5.0"}, {"criteria": "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8934D3C7-2C1C-4BE0-B3F5-320364879DC3", "versionEndIncluding": "6.0.5", "versionStartIncluding": "6.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}

6.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2017-1700

6.5^/10

4.0^/10

Attach tags to `CVE-2017-1700`