IBM Rational Software Architect Design Manager and Rhapsody Design Manager < 4.0.7 Unspecified Vulnerability

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote host is affected by an unspecified vulnerability.

Description :

The remote host is running a version of IBM Rational Software
Architect Design Manager or IBM Rhapsody Design Manager that is
affected by the following vulnerabilities :

- An unspecified vulnerability exists that allows a
remote, authenticated attacker to provision an arbitrary
update site into the Design Manager code. Only Rational
Software Architect Design Manager 4.0.6 is affected by
this vulnerability. (CVE-2014-0947)

- An unspecified vulnerability exists that allows a
remote, authenticated attacker to upload malicious ZIP
files. (CVE-2014-0948)

See also :

http://www-01.ibm.com/support/docview.wss?uid=swg21678323

Solution :

Upgrade to IBM Rational Software Architect Design Manager / Rhapsody
Design Manager version 4.0.7 or later.

Risk factor :

Medium / CVSS Base Score : 6.0
(CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P)
CVSS Temporal Score : 5.2
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 77604

Bugtraq ID: 68785, 68786

CVE ID: CVE-2014-0947, CVE-2014-0948
