cnvd-2019-01573
Vulnerability from cnvd
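Title: Information disclosure vulnerability in multiple IBM products (CNVD-2019-01573)
Description:
IBM Rhapsody Model Manager is collaborative design model management software from IBM (USA). The software supports using a central system repository to store, share, search and manage design models, as well as automated design reviews of software.
An information disclosure vulnerability exists in IBM Rhapsody Model Manager. A remote attacker can exploit it to obtain sensitive information by carrying out a man-in-the-middle attack.
Severity: Medium
Patch Name: Patch for information disclosure vulnerability in multiple IBM products (CNVD-2019-01573)
Patch Description:
IBM Rhapsody Model Manager is collaborative design model management software from IBM (USA). The software supports using a central system repository to store, share, search and manage design models, as well as automated design reviews of software.
An information disclosure vulnerability exists in IBM Rhapsody Model Manager. A remote attacker can exploit it to obtain sensitive information by carrying out a man-in-the-middle attack. The vendor has now released a security bulletin and related patch information that fix this vulnerability.
Formal description:
The vendor has released an upgrade patch to fix the vulnerability. Patch link: http://www.ibm.com/support/docview.wss?uid=ibm10738301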
Reference: http://www.ibm.com/support/docview.wss?uid=ibm10738301
Impacted products
Name |
---|
IBM Rational Quality Manager 5.0 - 5.0.2 |
IBM Rational DOORS Next Generation 5.0 - 5.0.2 |
IBM Rational Engineering Lifecycle Manager 5.0 - 5.0.2 |
IBM Rational Rhapsody Design Manager 5.0 - 5.0.2 |
IBM Rational Software Architect Design Manager 5.0 - 5.0.2 |
IBM Rational Team Concert 5.0 - 5.0.2 |
IBM Rational Quality Manager 6.0 |
IBM Rational Software Architect Design Manager >=6.0,<=6.0.1 |
IBM Rational Engineering Lifecycle Manager >=6.0,<=6.0.6 |
IBM Rational DOORS Next Generation >=6.0,<=6.0.6 |
IBM Rational Collaborative Lifecycle Management >=5.0,<=6.0.6 |
IBM Rational Team Concert >=6.0,<=6.0.6 |
IBM Rational Rhapsody Design Manager >=6.0,<=6.0.6 |
IBM Rational Quality Manager 6.0.6 |
{ "cves": { "cve": { "cveNumber": "CVE-2018-1694", "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1694" } }, "description": "IBM Rhapsody Model Manager\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u5957\u534f\u4f5c\u8bbe\u8ba1\u6a21\u578b\u7ba1\u7406\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u652f\u6301\u4f7f\u7528\u4e2d\u592e\u7cfb\u7edf\u5b58\u50a8\u5e93\u5b58\u50a8\u3001\u5171\u4eab\u3001\u641c\u7d22\u548c\u7ba1\u7406\u8bbe\u8ba1\u6a21\u578b\u4ee5\u53ca\u8f6f\u4ef6\u81ea\u52a8\u5316\u7684\u8bbe\u8ba1\u8bc4\u5ba1\u7b49\u3002\n\nIBM Rhapsody Model Manager\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5b9e\u65bd\u4e2d\u95f4\u4eba\u653b\u51fb\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002", "discovererName": "IBM", "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5:\r\nhttp://www.ibm.com/support/docview.wss?uid=ibm10738301", "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e", "number": "CNVD-2019-01573", "openTime": "2019-01-11", "patchDescription": "IBM Rhapsody Model Manager\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u5957\u534f\u4f5c\u8bbe\u8ba1\u6a21\u578b\u7ba1\u7406\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u652f\u6301\u4f7f\u7528\u4e2d\u592e\u7cfb\u7edf\u5b58\u50a8\u5e93\u5b58\u50a8\u3001\u5171\u4eab\u3001\u641c\u7d22\u548c\u7ba1\u7406\u8bbe\u8ba1\u6a21\u578b\u4ee5\u53ca\u8f6f\u4ef6\u81ea\u52a8\u5316\u7684\u8bbe\u8ba1\u8bc4\u5ba1\u7b49\u3002\r\n\r\nIBM Rhapsody Model Manager\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5b9e\u65bd\u4e2d\u95f4\u4eba\u653b\u51fb\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002", 
"patchName": "\u591a\u6b3eIBM\u4ea7\u54c1\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2019-01573\uff09\u7684\u8865\u4e01", "products": { "product": [ "IBM Rational Quality Manager 5.0 - 5.0.2", "IBM Rational DOORS Next Generation 5.0 - 5.0.2", "IBM Rational Engineering Lifecycle Manager 5.0 - 5.0.2", "IBM Rational Rhapsody Design Manager 5.0 - 5.0.2", "IBM Rational Software Architect Design Manager 5.0 - 5.0.2", "IBM Rational Team Concert 5.0 - 5.0.2", "IBM Rational Quality Manager 6.0", "IBM Rational Software Architect Design Manager \u003e=6.0\uff0c\u003c=6.0.1", "IBM Rational Engineering Lifecycle Manager \u003e=6.0\uff0c\u003c=6.0.6", "IBM Rational DOORS Next Generation \u003e=6.0\uff0c\u003c=6.0.6", "IBM Rational Collaborative Lifecycle Management \u003e=5.0\uff0c\u003c=6.0.6", "IBM Rational Team Concert \u003e=6.0\uff0c\u003c=6.0.6", "IBM Rational Rhapsody Design Manager \u003e=6.0\uff0c\u003c=6.0.6", "IBM Rational Quality Manager 6.0.6" ] }, "referenceLink": "http://www.ibm.com/support/docview.wss?uid=ibm10738301", "serverity": "\u4e2d", "submitTime": "2018-11-07", "title": "\u591a\u6b3eIBM\u4ea7\u54c1\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2019-01573\uff09" }
CVE-2018-1694 (GCVE-0-2018-1694)
Vulnerability from cvelistv5
Published
2018-11-06 16:00
Modified
2024-09-17 00:40
CWE
- Obtain Information
Summary
IBM Jazz applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Quality Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Rhapsody Design Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Software Architect Design Manager 5.0 through 5.02 and 6.0 through 6.0.1, IBM Rational Team Concert 5.0 through 5.02 and 6.0 through 6.0.6) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 145609.
References
URL | Tags |
---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/145609 | vdb-entry, x_refsource_XF |
http://www.ibm.com/support/docview.wss?uid=ibm10738301 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version |
---|---|---|
IBM | Rational Team Concert | 5.0, 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 5.01, 5.02 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T04:07:44.306Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ibm-jazz-cve20181694-info-disc(145609)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145609" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10738301" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Rational Team Concert", "vendor": "IBM", "versions": [ { "status": "affected", "version": "5.0" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.3" }, { "status": "affected", "version": "6.0.4" }, { "status": "affected", "version": "6.0.5" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "5.01" }, { "status": "affected", "version": "5.02" } ] }, { "product": "Rational Software Architect Design Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "5.0" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "5.01" }, { "status": "affected", "version": "5.02" } ] }, { "product": "Rational DOORS Next Generation", "vendor": "IBM", "versions": [ { "status": "affected", "version": "5.0" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.3" }, { "status": "affected", "version": "6.0.4" }, { "status": "affected", "version": "6.0.5" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "5.01" }, { "status": "affected", "version": "5.02" } ] }, { "product": "Rational Collaborative Lifecycle Management", "vendor": 
"IBM", "versions": [ { "status": "affected", "version": "5.0" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.3" }, { "status": "affected", "version": "6.0.4" }, { "status": "affected", "version": "6.0.5" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "5.01" }, { "status": "affected", "version": "5.02" } ] }, { "product": "Rational Rhapsody Design Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "5.0" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.3" }, { "status": "affected", "version": "6.0.4" }, { "status": "affected", "version": "6.0.5" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "5.01" }, { "status": "affected", "version": "5.02" } ] }, { "product": "Rational Quality Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "5.0" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.3" }, { "status": "affected", "version": "6.0.4" }, { "status": "affected", "version": "6.0.5" }, { "status": "affected", "version": "6.0.6" }, { "status": "affected", "version": "5.01" }, { "status": "affected", "version": "5.02" } ] }, { "product": "Rational Engineering Lifecycle Manager", "vendor": "IBM", "versions": [ { "status": "affected", "version": "5.0" }, { "status": "affected", "version": "6.0" }, { "status": "affected", "version": "6.0.1" }, { "status": "affected", "version": "6.0.2" }, { "status": "affected", "version": "6.0.3" }, { "status": "affected", "version": "6.0.4" }, { "status": "affected", "version": "6.0.5" }, { "status": "affected", "version": "6.0.6" }, { 
"status": "affected", "version": "5.01" }, { "status": "affected", "version": "5.02" } ] } ], "datePublic": "2018-11-02T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Jazz applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Quality Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Rhapsody Design Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Software Architect Design Manager 5.0 through 5.02 and 6.0 through 6.0.1, IBM Rational Team Concert 5.0 through 5.02 and 6.0 through 6.0.6) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 145609." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.2, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:N/AC:H/AV:N/C:H/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-06T15:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "ibm-jazz-cve20181694-info-disc(145609)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145609" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10738301" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-11-02T00:00:00", "ID": "CVE-2018-1694", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Rational Team Concert", "version": { "version_data": [ { "version_value": "5.0" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "6.0.2" }, { "version_value": "6.0.3" }, { "version_value": "6.0.4" }, { "version_value": "6.0.5" }, { "version_value": "6.0.6" }, { "version_value": "5.01" }, { "version_value": "5.02" } ] } }, { "product_name": "Rational Software Architect Design Manager", "version": { "version_data": [ { "version_value": "5.0" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "5.01" }, { "version_value": "5.02" } ] } }, { "product_name": "Rational DOORS Next Generation", 
"version": { "version_data": [ { "version_value": "5.0" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "6.0.2" }, { "version_value": "6.0.3" }, { "version_value": "6.0.4" }, { "version_value": "6.0.5" }, { "version_value": "6.0.6" }, { "version_value": "5.01" }, { "version_value": "5.02" } ] } }, { "product_name": "Rational Collaborative Lifecycle Management", "version": { "version_data": [ { "version_value": "5.0" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "6.0.2" }, { "version_value": "6.0.3" }, { "version_value": "6.0.4" }, { "version_value": "6.0.5" }, { "version_value": "6.0.6" }, { "version_value": "5.01" }, { "version_value": "5.02" } ] } }, { "product_name": "Rational Rhapsody Design Manager", "version": { "version_data": [ { "version_value": "5.0" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "6.0.2" }, { "version_value": "6.0.3" }, { "version_value": "6.0.4" }, { "version_value": "6.0.5" }, { "version_value": "6.0.6" }, { "version_value": "5.01" }, { "version_value": "5.02" } ] } }, { "product_name": "Rational Quality Manager", "version": { "version_data": [ { "version_value": "5.0" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "6.0.2" }, { "version_value": "6.0.3" }, { "version_value": "6.0.4" }, { "version_value": "6.0.5" }, { "version_value": "6.0.6" }, { "version_value": "5.01" }, { "version_value": "5.02" } ] } }, { "product_name": "Rational Engineering Lifecycle Manager", "version": { "version_data": [ { "version_value": "5.0" }, { "version_value": "6.0" }, { "version_value": "6.0.1" }, { "version_value": "6.0.2" }, { "version_value": "6.0.3" }, { "version_value": "6.0.4" }, { "version_value": "6.0.5" }, { "version_value": "6.0.6" }, { "version_value": "5.01" }, { "version_value": "5.02" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { 
"description_data": [ { "lang": "eng", "value": "IBM Jazz applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Quality Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Rhapsody Design Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Software Architect Design Manager 5.0 through 5.02 and 6.0 through 6.0.1, IBM Rational Team Concert 5.0 through 5.02 and 6.0 through 6.0.6) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 145609." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "H", "AV": "N", "C": "H", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "ibm-jazz-cve20181694-info-disc(145609)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145609" }, { "name": "http://www.ibm.com/support/docview.wss?uid=ibm10738301", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=ibm10738301" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1694", "datePublished": "2018-11-06T16:00:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-17T00:40:43.367Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.