CVE-2017-1240

Published: Nov 27, 2017Modified: May 13, 2026

4.3

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

IBM Rhapsody DM products could reveal sensitive information in HTTP 500 Internal Server Error responses. IBM X-Force ID: 124359.

Affected (108)

Products: Ibm: Rational Quality Manager, Rational Team Concert, Rational Doors Next Generation, Rational Engineering Lifecycle Manager, Rational Rhapsody Design Manager, Rational Software Architect Design Manager, Rational Collaborative Lifecycle Management

7 products

Rational Quality Manager

Rational Team Concert

Rational Doors Next Generation

Rational Engineering Lifecycle Manager

Rational Rhapsody Design Manager

Rational Software Architect Design Manager

Rational Collaborative Lifecycle Management

Configuration A

18 vulnerable

Vulnerable Software	Affected Versions
Ibm Rational Quality Manager	Version 4.0.0.1
Ibm Rational Quality Manager	Version 4.0.0.2
Ibm Rational Quality Manager	Version 4.0.1
Ibm Rational Quality Manager	Version 4.0.2
Ibm Rational Quality Manager	Version 4.0.3
Ibm Rational Quality Manager	Version 4.0.4
Ibm Rational Quality Manager	Version 4.0.5
Ibm Rational Quality Manager	Version 4.0.6
Ibm Rational Quality Manager	Version 4.0.7
Ibm Rational Quality Manager	Version 4.0
Ibm Rational Quality Manager	Version 5.0.1
Ibm Rational Quality Manager	Version 5.0.2
Ibm Rational Quality Manager	Version 5.0
Ibm Rational Quality Manager	Version 6.0.1
Ibm Rational Quality Manager	Version 6.0.2
Ibm Rational Quality Manager	Version 6.0.3
Ibm Rational Quality Manager	Version 6.0.4
Ibm Rational Quality Manager	Version 6.0

Configuration B

18 vulnerable

Vulnerable Software	Affected Versions
Ibm Rational Team Concert	Version 4.0.0.1
Ibm Rational Team Concert	Version 4.0.0.2
Ibm Rational Team Concert	Version 4.0.1
Ibm Rational Team Concert	Version 4.0.2
Ibm Rational Team Concert	Version 4.0.3
Ibm Rational Team Concert	Version 4.0.4
Ibm Rational Team Concert	Version 4.0.5
Ibm Rational Team Concert	Version 4.0.6
Ibm Rational Team Concert	Version 4.0.7
Ibm Rational Team Concert	Version 4.0
Ibm Rational Team Concert	Version 5.0.1
Ibm Rational Team Concert	Version 5.0.2
Ibm Rational Team Concert	Version 5.0
Ibm Rational Team Concert	Version 6.0.1
Ibm Rational Team Concert	Version 6.0.2
Ibm Rational Team Concert	Version 6.0.3
Ibm Rational Team Concert	Version 6.0.4
Ibm Rational Team Concert	Version 6.0

Configuration C

15 vulnerable

Vulnerable Software	Affected Versions
Ibm Rational Doors Next Generation	Version 4.0.1
Ibm Rational Doors Next Generation	Version 4.0.2
Ibm Rational Doors Next Generation	Version 4.0.3
Ibm Rational Doors Next Generation	Version 4.0.4
Ibm Rational Doors Next Generation	Version 4.0.5
Ibm Rational Doors Next Generation	Version 4.0.6
Ibm Rational Doors Next Generation	Version 4.0.7
Ibm Rational Doors Next Generation	Version 5.0.1
Ibm Rational Doors Next Generation	Version 5.0.2
Ibm Rational Doors Next Generation	Version 5.0
Ibm Rational Doors Next Generation	Version 6.0.1
Ibm Rational Doors Next Generation	Version 6.0.2
Ibm Rational Doors Next Generation	Version 6.0.3
Ibm Rational Doors Next Generation	Version 6.0.4
Ibm Rational Doors Next Generation	Version 6.0

Configuration D

13 vulnerable

Vulnerable Software	Affected Versions
Ibm Rational Engineering Lifecycle Manager	Version 4.0.3
Ibm Rational Engineering Lifecycle Manager	Version 4.0.4
Ibm Rational Engineering Lifecycle Manager	Version 4.0.5
Ibm Rational Engineering Lifecycle Manager	Version 4.0.6
Ibm Rational Engineering Lifecycle Manager	Version 4.0.7
Ibm Rational Engineering Lifecycle Manager	Version 5.0.1
Ibm Rational Engineering Lifecycle Manager	Version 5.0.2
Ibm Rational Engineering Lifecycle Manager	Version 5.0
Ibm Rational Engineering Lifecycle Manager	Version 6.0.1
Ibm Rational Engineering Lifecycle Manager	Version 6.0.2
Ibm Rational Engineering Lifecycle Manager	Version 6.0.3
Ibm Rational Engineering Lifecycle Manager	Version 6.0.4
Ibm Rational Engineering Lifecycle Manager	Version 6.0

Configuration E

16 vulnerable

Vulnerable Software	Affected Versions
Ibm Rational Rhapsody Design Manager	Version 4.0.1
Ibm Rational Rhapsody Design Manager	Version 4.0.2
Ibm Rational Rhapsody Design Manager	Version 4.0.3
Ibm Rational Rhapsody Design Manager	Version 4.0.4
Ibm Rational Rhapsody Design Manager	Version 4.0.5
Ibm Rational Rhapsody Design Manager	Version 4.0.6
Ibm Rational Rhapsody Design Manager	Version 4.0.7
Ibm Rational Rhapsody Design Manager	Version 4.0
Ibm Rational Rhapsody Design Manager	Version 5.0.1
Ibm Rational Rhapsody Design Manager	Version 5.0.2
Ibm Rational Rhapsody Design Manager	Version 5.0
Ibm Rational Rhapsody Design Manager	Version 6.0.1
Ibm Rational Rhapsody Design Manager	Version 6.0.2
Ibm Rational Rhapsody Design Manager	Version 6.0.3
Ibm Rational Rhapsody Design Manager	Version 6.0.4
Ibm Rational Rhapsody Design Manager	Version 6.0

Configuration F

13 vulnerable

Vulnerable Software	Affected Versions
Ibm Rational Software Architect Design Manager	Version 4.0.1
Ibm Rational Software Architect Design Manager	Version 4.0.2
Ibm Rational Software Architect Design Manager	Version 4.0.3
Ibm Rational Software Architect Design Manager	Version 4.0.4
Ibm Rational Software Architect Design Manager	Version 4.0.5
Ibm Rational Software Architect Design Manager	Version 4.0.6
Ibm Rational Software Architect Design Manager	Version 4.0.7
Ibm Rational Software Architect Design Manager	Version 4.0
Ibm Rational Software Architect Design Manager	Version 5.0.1
Ibm Rational Software Architect Design Manager	Version 5.0.2
Ibm Rational Software Architect Design Manager	Version 5.0
Ibm Rational Software Architect Design Manager	Version 6.0.1
Ibm Rational Software Architect Design Manager	Version 6.0

Configuration G

15 vulnerable

Vulnerable Software	Affected Versions
Ibm Rational Collaborative Lifecycle Management	Version 4.0.1
Ibm Rational Collaborative Lifecycle Management	Version 4.0.2
Ibm Rational Collaborative Lifecycle Management	Version 4.0.3
Ibm Rational Collaborative Lifecycle Management	Version 4.0.4
Ibm Rational Collaborative Lifecycle Management	Version 4.0.5
Ibm Rational Collaborative Lifecycle Management	Version 4.0.6
Ibm Rational Collaborative Lifecycle Management	Version 4.0.7
Ibm Rational Collaborative Lifecycle Management	Version 4.0
Ibm Rational Collaborative Lifecycle Management	Version 5.0.1
Ibm Rational Collaborative Lifecycle Management	Version 5.0.2
Ibm Rational Collaborative Lifecycle Management	Version 5.0
Ibm Rational Collaborative Lifecycle Management	Version 6.0.1
Ibm Rational Collaborative Lifecycle Management	Version 6.0.3
Ibm Rational Collaborative Lifecycle Management	Version 6.0.4
Ibm Rational Collaborative Lifecycle Management	Version 6.0

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

http://www.ibm.com/support/docview.wss?uid=swg22010512

Source: psirt@us.ibm.com

Issue TrackingVendor Advisory

http://www.securityfocus.com/bid/101976

Source: psirt@us.ibm.com

Third Party AdvisoryVDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/124359

Source: psirt@us.ibm.com

Issue TrackingVDB EntryVendor Advisory

http://www.ibm.com/support/docview.wss?uid=swg22010512

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

http://www.securityfocus.com/bid/101976

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/124359

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVDB EntryVendor Advisory

Timeline

No history available yet.