Vulnerabilites related to IBM - Engineering Systems Design Rhapsody
CVE-2025-33077 (GCVE-0-2025-33077)
Vulnerability from cvelistv5
Published
2025-07-23 14:49
Modified
2025-08-18 01:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Summary
IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Engineering Systems Design Rhapsody |
Version: 9.0.2, 10.0, 10.0.1 cpe:2.3:a:ibm:rhapsody_design_manager:9.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:rhapsody_design_manager:10.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:rhapsody_design_manager:10.0.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-33077",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-24T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-25T03:55:28.234Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:rhapsody_design_manager:9.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:rhapsody_design_manager:10.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:rhapsody_design_manager:10.0.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Engineering Systems Design Rhapsody",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0.2, 10.0, 10.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system."
}
],
"value": "IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-18T01:31:24.100Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7240375"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Engineering Systems Design Rhapsody 9.0.2 iFix004\u003cbr\u003eIBM Engineering Systems Design Rhapsody 10.0 iFix002\u003cbr\u003eIBM Engineering Systems Design Rhapsody 10.0.1 iFix003\u003cbr\u003e"
}
],
"value": "IBM Engineering Systems Design Rhapsody 9.0.2 iFix004\nIBM Engineering Systems Design Rhapsody 10.0 iFix002\nIBM Engineering Systems Design Rhapsody 10.0.1 iFix003"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Engineering Systems Design Rhapsody code execution",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-33077",
"datePublished": "2025-07-23T14:49:24.439Z",
"dateReserved": "2025-04-15T17:50:20.368Z",
"dateUpdated": "2025-08-18T01:31:24.100Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-33020 (GCVE-0-2025-33020)
Vulnerability from cvelistv5
Published
2025-07-23 14:47
Modified
2025-08-18 01:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-311 - Missing Encryption of Sensitive Data
Summary
IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 transmits sensitive information without encryption that could allow an attacker to obtain highly sensitive information.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Engineering Systems Design Rhapsody |
Version: 9.0.2, 10.0, 10.0.1 cpe:2.3:a:ibm:rhapsody_design_manager:9.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:rhapsody_design_manager:10.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:rhapsody_design_manager:10.0.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-33020",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-23T15:19:37.960391Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T15:19:44.640Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:rhapsody_design_manager:9.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:rhapsody_design_manager:10.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:rhapsody_design_manager:10.0.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Engineering Systems Design Rhapsody",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0.2, 10.0, 10.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 transmits sensitive information without encryption that could allow an attacker to obtain highly sensitive information."
}
],
"value": "IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 transmits sensitive information without encryption that could allow an attacker to obtain highly sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-311",
"description": "CWE-311 Missing Encryption of Sensitive Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-18T01:31:04.799Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7240374"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Engineering Systems Design Rhapsody 9.0.2 iFix004\u003cbr\u003eIBM Engineering Systems Design Rhapsody 10.0 iFix002\u003cbr\u003eIBM Engineering Systems Design Rhapsody 10.0.1 iFix003\u003cbr\u003e"
}
],
"value": "IBM Engineering Systems Design Rhapsody 9.0.2 iFix004\nIBM Engineering Systems Design Rhapsody 10.0 iFix002\nIBM Engineering Systems Design Rhapsody 10.0.1 iFix003"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Engineering Systems Design Rhapsody information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-33020",
"datePublished": "2025-07-23T14:47:29.357Z",
"dateReserved": "2025-04-15T09:48:51.520Z",
"dateUpdated": "2025-08-18T01:31:04.799Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-33076 (GCVE-0-2025-33076)
Vulnerability from cvelistv5
Published
2025-07-23 14:48
Modified
2025-08-18 13:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Summary
IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Engineering Systems Design Rhapsody |
Version: 9.0.2 Version: 10.0 Version: 10.0.1 cpe:2.3:a:ibm:rhapsody_design_manager:9.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:rhapsody_design_manager:10.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:rhapsody_design_manager:10.0.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-33076",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-24T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-25T03:55:27.064Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:rhapsody_design_manager:9.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:rhapsody_design_manager:10.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:rhapsody_design_manager:10.0.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Engineering Systems Design Rhapsody",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0.2"
},
{
"status": "affected",
"version": "10.0"
},
{
"status": "affected",
"version": "10.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system."
}
],
"value": "IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-18T13:28:23.320Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7240368"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Engineering Systems Design Rhapsody 9.0.2 iFix004\u003cbr\u003eIBM Engineering Systems Design Rhapsody 10.0 iFix002\u003cbr\u003eIBM Engineering Systems Design Rhapsody 10.0.1 iFix003\u003cbr\u003e"
}
],
"value": "IBM Engineering Systems Design Rhapsody 9.0.2 iFix004\nIBM Engineering Systems Design Rhapsody 10.0 iFix002\nIBM Engineering Systems Design Rhapsody 10.0.1 iFix003"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Engineering Systems Design Rhapsody code execution",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-33076",
"datePublished": "2025-07-23T14:48:55.647Z",
"dateReserved": "2025-04-15T17:50:20.368Z",
"dateUpdated": "2025-08-18T13:28:23.320Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}