Security Bulletin: Vulnerabilities in Rational Software Architect Design Manager, Rhapsody Design Manager (CVE-2012-5081, CVE-2013-0440, CVE-2013-0443)

2018-06-1704:45:48

www.ibm.com

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

JSON

Summary

Multiple vulnerabilities in the IBM Java Runtime Environment affect the Jazz Team Server that is shipped with IBM Rational Software Architect Design Manager and IBM Rational Rhapsody Design Manager.

Vulnerability Details

| Subscribe to My Notifications to be notified of important product support alerts like this.

Follow this link for more information (requires login with your IBM ID)
—|—

CVE ID:CVE-2012-5081

**Description:**A vulnerability in the JDK’s TLS implementation can impact the availability of the Jazz server bundled with Rational Software Architect Design Manager and Rhapsody Design Manager, preventing users from logging in. The attack can be conducted over the internet. No authentication is required for this attack.

CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79435> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE ID:CVE-2013-0440

**Description:**Unspecified vulnerability in Java Runtime Environment allows remote attackers to affect availability via vectors related to JSSE. This vulnerability affects the Jazz server bundled with Rational Software Architect Design Manager and Rhapsody Design Manager.

CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/81799> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE ID:CVE-2013-0443

Description: Unspecified vulnerability in Java Runtime Environment allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. This vulnerability affects the Jazz server bundled with Rational Software Architect Design Manager and Rhapsody Design Manager.

CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/81801> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)

Affected Products and Versions

Rational Software Architect Design Manager versions 3.0, 3.0.0.1, 3.0.1, 4.0, 4.0.1, 4.0.2.

Rhapsody Design Manager versions 3.0, 3.0.0.1, 3.0.1, 4.0, 4.0.1, 4.0.2.

Remediation/Fixes

Upgrade to the following release:

Workarounds and Mitigations

None

CPENameOperatorVersion
rational software architect design managereq3.0
rational software architect design managereq3.0.0.1
rational software architect design managereq3.0.1
rational software architect design managereq4.0
rational software architect design managereq4.0.1
rational software architect design managereq4.0.2
rational rhapsody design managereq3.0
rational rhapsody design managereq3.0.0.1
rational rhapsody design managereq3.0.1
rational rhapsody design managereq4.0

Name	Operator	Version
rational software architect design manager	eq	3.0
rational software architect design manager	eq	3.0.0.1
rational software architect design manager	eq	3.0.1
rational software architect design manager	eq	4.0
rational software architect design manager	eq	4.0.1
rational software architect design manager	eq	4.0.2
rational rhapsody design manager	eq	3.0
rational rhapsody design manager	eq	3.0.0.1
rational rhapsody design manager	eq	3.0.1
rational rhapsody design manager	eq	4.0