8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:P/I:N/A:C
XML content of review comments and OSLC links can be altered to harm RSA DM server responsiveness.
CVEID: CVE-2016-8974 Description: IBM Rhapsody DM is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. CVSS Base Score: 7.1 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118911> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L)
CVEID: CVE-2016-9698 Description: IBM Rhapsody DM is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. CVSS Base Score: 7.1 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/119522> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L)
IBM Rational Software Architect Design Manager 4.0.0 - 4.0.7
IBM Rational Software Architect Design Manager 5.0.0 - 5.0.2
IBM Rational Software Architect Design Manager 6.0.0 - 6.0.2
For IBM Rational Software Architect Design Manager version 4.0.0 - 4.0.7 contact IBM Support.
For IBM Rational Software Architect Design Manager version 5.0.0 - 5.0.1 upgrade to version 5.0.2 and apply 5.0.2 iFix011a.
For IBM Rational Software Architect Design Manager version 6.0.0 - 6.0.1 upgrade to version 6.0.2 and apply 6.0.2 iFix003a.
None.
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:P/I:N/A:C