Vulnerability Details : CVE-2018-1587
IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 could reveal technical error messages to allow an adversary to gain information about the application and database that could be used to conduct further attacks. IBM X-Force ID: 143500.
Vulnerability category: Information leak
Products affected by CVE-2018-1587
- IBM » Rational Software Architect Design ManagerVersions from including (>=) 5.0 and up to, including, (<=) 5.0.2cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*
- IBM » Rational Software Architect Design ManagerVersions from including (>=) 6.0 and up to, including, (<=) 6.0.1cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*
- IBM » Rational Rhapsody Design ManagerVersions from including (>=) 6.0 and up to, including, (<=) 6.0.5cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*
- IBM » Rational Rhapsody Design ManagerVersions from including (>=) 5.0 and up to, including, (<=) 5.0.2cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-1587
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 18 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-1587
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
8.0
|
2.9
|
NIST | |
4.3
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
2.8
|
1.4
|
NIST | |
4.3
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
2.8
|
1.4
|
IBM Corporation |
CWE ids for CVE-2018-1587
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-1587
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/143500
IBM Rational Rhapsody Design Manager information disclosure CVE-2018-1587 Vulnerability ReportVDB Entry;Vendor Advisory
-
http://www.ibm.com/support/docview.wss?uid=ibm10716029
IBM Security Bulletin: Multiple vulnerabilities affect IBM Rational Design Manager productsPatch;Vendor Advisory
Jump to