CVE-2018-1587: Infoleak
First published: Thu Jul 19 2018(Updated: )
IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 could reveal technical error messages to allow an adversary to gain information about the application and database that could be used to conduct further attacks. IBM X-Force ID: 143500.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Rhapsody Design Manager | >=5.0<=5.0.2 | |
| IBM Rhapsody Design Manager | >=6.0<=6.0.5 | |
| IBM Rational Software Architect Design Manager | >=5.0<=5.0.2 | |
| IBM Rational Software Architect Design Manager | >=6.0<=6.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-1587?
CVE-2018-1587 has been rated as Medium severity due to the potential information disclosure it poses.
How do I fix CVE-2018-1587?
To mitigate CVE-2018-1587, upgrade IBM Rational Rhapsody Design Manager or IBM Rational Software Architect Design Manager to a version above 6.0.5 or 6.0.1 respectively.
What versions are affected by CVE-2018-1587?
CVE-2018-1587 affects IBM Rational Rhapsody Design Manager versions 5.0 to 5.0.2 and 6.0 to 6.0.5, and IBM Rational Software Architect Design Manager versions 5.0 to 5.0.2 and 6.0 to 6.0.1.
What kind of information can be disclosed through CVE-2018-1587?
CVE-2018-1587 may allow adversaries to gain insights into technical error messages, potentially revealing sensitive details about the application and database.
Is there a workaround for CVE-2018-1587 until I can upgrade?
There are no documented workarounds for CVE-2018-1587, so upgrading to a fixed version is the recommended approach.
- agent/references
- agent/type
- agent/softwarecombine
- agent/remedy
- agent/severity
- agent/author
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm rhapsody design manager
- version/ibm rhapsody design manager/5.0
- version/ibm rhapsody design manager/5.0.2
- version/ibm rhapsody design manager/6.0
- version/ibm rhapsody design manager/6.0.5
- canonical/ibm rational software architect design manager
- version/ibm rational software architect design manager/5.0
- version/ibm rational software architect design manager/5.0.2
- version/ibm rational software architect design manager/6.0
- version/ibm rational software architect design manager/6.0.1