Vulnerabilites related to ibm - engineering_systems_design_rhapsody
Vulnerability from fkie_nvd
Published
2025-07-23 15:15
Modified
2025-08-07 14:41
Severity ?
Summary
IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7240368 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | engineering_systems_design_rhapsody | 9.0.2 | |
| ibm | engineering_systems_design_rhapsody | 10.0 | |
| ibm | engineering_systems_design_rhapsody | 10.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:engineering_systems_design_rhapsody:9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "64C85F02-6144-4DCF-A6F8-712547BFB741",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_systems_design_rhapsody:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1CD01272-AA22-450C-9DB1-0237E228956B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_systems_design_rhapsody:10.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8BC9B2A1-D4AA-4739-AD52-6BA029A724EE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system."
},
{
"lang": "es",
"value": "IBM Engineering Systems Design Rhapsody 9.0.2, 10.0 y 10.0.1 es vulnerable a un desbordamiento de b\u00fafer basado en la pila, causado por una comprobaci\u00f3n incorrecta de los l\u00edmites. Un usuario local podr\u00eda desbordar el b\u00fafer y ejecutar c\u00f3digo arbitrario en el sistema."
}
],
"id": "CVE-2025-33076",
"lastModified": "2025-08-07T14:41:12.913",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
},
"published": "2025-07-23T15:15:31.397",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7240368"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-07-23 15:15
Modified
2025-08-07 14:40
Severity ?
Summary
IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7240375 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | engineering_systems_design_rhapsody | 9.0.2 | |
| ibm | engineering_systems_design_rhapsody | 10.0 | |
| ibm | engineering_systems_design_rhapsody | 10.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:engineering_systems_design_rhapsody:9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "64C85F02-6144-4DCF-A6F8-712547BFB741",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_systems_design_rhapsody:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1CD01272-AA22-450C-9DB1-0237E228956B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_systems_design_rhapsody:10.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8BC9B2A1-D4AA-4739-AD52-6BA029A724EE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system."
},
{
"lang": "es",
"value": "IBM Engineering Systems Design Rhapsody 9.0.2, 10.0 y 10.0.1 es vulnerable a un desbordamiento de b\u00fafer basado en la pila, causado por una comprobaci\u00f3n incorrecta de los l\u00edmites. Un usuario local podr\u00eda desbordar el b\u00fafer y ejecutar c\u00f3digo arbitrario en el sistema."
}
],
"id": "CVE-2025-33077",
"lastModified": "2025-08-07T14:40:39.193",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
},
"published": "2025-07-23T15:15:31.540",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7240375"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-07-23 15:15
Modified
2025-08-11 18:56
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 transmits sensitive information without encryption that could allow an attacker to obtain highly sensitive information.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7240374 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | engineering_systems_design_rhapsody | 9.0.2 | |
| ibm | engineering_systems_design_rhapsody | 10.0 | |
| ibm | engineering_systems_design_rhapsody | 10.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:engineering_systems_design_rhapsody:9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "64C85F02-6144-4DCF-A6F8-712547BFB741",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_systems_design_rhapsody:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1CD01272-AA22-450C-9DB1-0237E228956B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_systems_design_rhapsody:10.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8BC9B2A1-D4AA-4739-AD52-6BA029A724EE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 transmits sensitive information without encryption that could allow an attacker to obtain highly sensitive information."
},
{
"lang": "es",
"value": "IBM Engineering Systems Design Rhapsody 9.0.2, 10.0 y 10.0.1 transmite informaci\u00f3n confidencial sin cifrado, lo que podr\u00eda permitir que un atacante obtenga informaci\u00f3n altamente confidencial."
}
],
"id": "CVE-2025-33020",
"lastModified": "2025-08-11T18:56:26.707",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-07-23T15:15:31.247",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7240374"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-311"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-11-22 12:15
Modified
2025-08-15 17:34
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Engineering Systems Design Rhapsody - Model Manager 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition. By sending a specially crafted request, an attacker could exploit this vulnerability to remotely execute code.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7172535 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | engineering_systems_design_rhapsody | 7.0.2 | |
| ibm | engineering_systems_design_rhapsody | 7.0.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:engineering_systems_design_rhapsody:7.0.2:-:*:*:*:*:*:*",
"matchCriteriaId": "2C1CECEC-0D44-4FB2-AB4D-EB895FDE7519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:engineering_systems_design_rhapsody:7.0.3:-:*:*:*:*:*:*",
"matchCriteriaId": "210FCD6F-FDD5-469B-80D9-10B0199F01DD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Engineering Systems Design Rhapsody - Model Manager 7.0.2 and 7.0.3\u00a0could allow a remote attacker to bypass security restrictions, caused by a race condition. By sending a specially crafted request, an attacker could exploit this vulnerability to remotely execute code."
},
{
"lang": "es",
"value": "IBM Engineering Systems Design Rhapsody - Model Manager 7.0.2 y 7.0.3 podr\u00eda permitir que un atacante remoto eluda las restricciones de seguridad provocadas por una condici\u00f3n de ejecuci\u00f3n. Al enviar una solicitud especialmente manipulada, un atacante podr\u00eda aprovechar esta vulnerabilidad para ejecutar c\u00f3digo de forma remota."
}
],
"id": "CVE-2024-41779",
"lastModified": "2025-08-15T17:34:52.670",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-11-22T12:15:18.987",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7172535"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-367"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
}
CVE-2025-33077 (GCVE-0-2025-33077)
Vulnerability from cvelistv5
Published
2025-07-23 14:49
Modified
2025-08-18 01:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Summary
IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Engineering Systems Design Rhapsody |
Version: 9.0.2, 10.0, 10.0.1 cpe:2.3:a:ibm:rhapsody_design_manager:9.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:rhapsody_design_manager:10.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:rhapsody_design_manager:10.0.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-33077",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-24T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-25T03:55:28.234Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:rhapsody_design_manager:9.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:rhapsody_design_manager:10.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:rhapsody_design_manager:10.0.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Engineering Systems Design Rhapsody",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0.2, 10.0, 10.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system."
}
],
"value": "IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-18T01:31:24.100Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7240375"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Engineering Systems Design Rhapsody 9.0.2 iFix004\u003cbr\u003eIBM Engineering Systems Design Rhapsody 10.0 iFix002\u003cbr\u003eIBM Engineering Systems Design Rhapsody 10.0.1 iFix003\u003cbr\u003e"
}
],
"value": "IBM Engineering Systems Design Rhapsody 9.0.2 iFix004\nIBM Engineering Systems Design Rhapsody 10.0 iFix002\nIBM Engineering Systems Design Rhapsody 10.0.1 iFix003"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Engineering Systems Design Rhapsody code execution",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-33077",
"datePublished": "2025-07-23T14:49:24.439Z",
"dateReserved": "2025-04-15T17:50:20.368Z",
"dateUpdated": "2025-08-18T01:31:24.100Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-33076 (GCVE-0-2025-33076)
Vulnerability from cvelistv5
Published
2025-07-23 14:48
Modified
2025-08-18 13:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Summary
IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Engineering Systems Design Rhapsody |
Version: 9.0.2 Version: 10.0 Version: 10.0.1 cpe:2.3:a:ibm:rhapsody_design_manager:9.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:rhapsody_design_manager:10.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:rhapsody_design_manager:10.0.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-33076",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-24T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-25T03:55:27.064Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:rhapsody_design_manager:9.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:rhapsody_design_manager:10.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:rhapsody_design_manager:10.0.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Engineering Systems Design Rhapsody",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0.2"
},
{
"status": "affected",
"version": "10.0"
},
{
"status": "affected",
"version": "10.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system."
}
],
"value": "IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-18T13:28:23.320Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7240368"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Engineering Systems Design Rhapsody 9.0.2 iFix004\u003cbr\u003eIBM Engineering Systems Design Rhapsody 10.0 iFix002\u003cbr\u003eIBM Engineering Systems Design Rhapsody 10.0.1 iFix003\u003cbr\u003e"
}
],
"value": "IBM Engineering Systems Design Rhapsody 9.0.2 iFix004\nIBM Engineering Systems Design Rhapsody 10.0 iFix002\nIBM Engineering Systems Design Rhapsody 10.0.1 iFix003"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Engineering Systems Design Rhapsody code execution",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-33076",
"datePublished": "2025-07-23T14:48:55.647Z",
"dateReserved": "2025-04-15T17:50:20.368Z",
"dateUpdated": "2025-08-18T13:28:23.320Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-33020 (GCVE-0-2025-33020)
Vulnerability from cvelistv5
Published
2025-07-23 14:47
Modified
2025-08-18 01:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-311 - Missing Encryption of Sensitive Data
Summary
IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 transmits sensitive information without encryption that could allow an attacker to obtain highly sensitive information.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Engineering Systems Design Rhapsody |
Version: 9.0.2, 10.0, 10.0.1 cpe:2.3:a:ibm:rhapsody_design_manager:9.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:rhapsody_design_manager:10.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:rhapsody_design_manager:10.0.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-33020",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-23T15:19:37.960391Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T15:19:44.640Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:rhapsody_design_manager:9.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:rhapsody_design_manager:10.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:rhapsody_design_manager:10.0.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Engineering Systems Design Rhapsody",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0.2, 10.0, 10.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 transmits sensitive information without encryption that could allow an attacker to obtain highly sensitive information."
}
],
"value": "IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 transmits sensitive information without encryption that could allow an attacker to obtain highly sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-311",
"description": "CWE-311 Missing Encryption of Sensitive Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-18T01:31:04.799Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7240374"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Engineering Systems Design Rhapsody 9.0.2 iFix004\u003cbr\u003eIBM Engineering Systems Design Rhapsody 10.0 iFix002\u003cbr\u003eIBM Engineering Systems Design Rhapsody 10.0.1 iFix003\u003cbr\u003e"
}
],
"value": "IBM Engineering Systems Design Rhapsody 9.0.2 iFix004\nIBM Engineering Systems Design Rhapsody 10.0 iFix002\nIBM Engineering Systems Design Rhapsody 10.0.1 iFix003"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Engineering Systems Design Rhapsody information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-33020",
"datePublished": "2025-07-23T14:47:29.357Z",
"dateReserved": "2025-04-15T09:48:51.520Z",
"dateUpdated": "2025-08-18T01:31:04.799Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41779 (GCVE-0-2024-41779)
Vulnerability from cvelistv5
Published
2024-11-22 12:02
Modified
2024-11-22 15:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Summary
IBM Engineering Systems Design Rhapsody - Model Manager 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition. By sending a specially crafted request, an attacker could exploit this vulnerability to remotely execute code.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Engineering Systems Design Rhapsody - Model Manager |
Version: 7.0.2, 7.0.3 cpe:2.3:a:ibm:rhapsody_model_manager:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:rhapsody_model_manager:7.0.3:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41779",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-22T15:34:12.129640Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T15:34:18.819Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:rhapsody_model_manager:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:rhapsody_model_manager:7.0.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Engineering Systems Design Rhapsody - Model Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0.2, 7.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Engineering Systems Design Rhapsody - Model Manager 7.0.2 and 7.0.3\u0026nbsp;could allow a remote attacker to bypass security restrictions, caused by a race condition. By sending a specially crafted request, an attacker could exploit this vulnerability to remotely execute code.\u003c/span\u003e"
}
],
"value": "IBM Engineering Systems Design Rhapsody - Model Manager 7.0.2 and 7.0.3\u00a0could allow a remote attacker to bypass security restrictions, caused by a race condition. By sending a specially crafted request, an attacker could exploit this vulnerability to remotely execute code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T12:02:49.422Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7172535"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Engineering Systems Design Rhapsody - Model Manager",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-41779",
"datePublished": "2024-11-22T12:02:49.422Z",
"dateReserved": "2024-07-22T12:03:08.191Z",
"dateUpdated": "2024-11-22T15:34:18.819Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}