Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 3 |
CVE-ID | CVE-2015-0250 CVE-2018-8013 CVE-2017-5662 |
CWE-ID | CWE-20 CWE-502 CWE-611 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software |
IBM Engineering Systems Design Rhapsody Other software / Other software solutions |
Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
EUVDB-ID: #VU78255
Risk: Medium
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2015-0250
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows remote attackers to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can read arbitrary files or cause a denial of service via a crafted SVG file.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Engineering Systems Design Rhapsody: before 9.0.1.0.5
CPE2.3 External linkshttp://www.ibm.com/support/pages/node/7011739
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13059
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-8013
CWE-ID:
CWE-502 - Deserialization of Untrusted Data
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information.
The vulnerability exists due to insufficient validation of user-supplied data. A remote attacker can supply specially crafted data, trigger a deserialization error in a subclass of 'AbstractDocuent' and access potentially sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Engineering Systems Design Rhapsody: before 9.0.1.0.5
CPE2.3 External linkshttp://www.ibm.com/support/pages/node/7011739
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13180
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-5662
CWE-ID:
CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')
Exploit availability: No
DescriptionThe vulnerability allows a remote unauthenticated attacker to conduct XXE-attack on the target system.
The weakness exists due to improper restriction of XML external entity references. A remote attacker can supply specially crafted xml document to gain access to arbitrary files or conduct amplification attack to cause the service to crash.
Install update from vendor's website.
Vulnerable software versionsIBM Engineering Systems Design Rhapsody: before 9.0.1.0.5
CPE2.3 External linkshttp://www.ibm.com/support/pages/node/7011739
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.