CVE-2014-3037
Summary
| CVE | CVE-2014-3037 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-09-10 10:55:00 UTC |
| Updated | 2017-08-29 01:34:00 UTC |
| Description | Cross-site request forgery (CSRF) vulnerability in IBM Configuration Management Application (aka VVC) in IBM Rational Engineering Lifecycle Manager before 4.0.7 and 5.x before 5.0.1, Rational Software Architect Design Manager before 4.0.7 and 5.x before 5.0.1, and Rational Rhapsody Design Manager before 4.0.7 and 5.x before 5.0.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. |
Risk And Classification
Problem Types: CWE-352
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Multiple IBM Products CVE-2014-3037 Cross Site Request Forgery Vulnerability | BID | www.securityfocus.com | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| Security Advisory SA60649 - IBM Rational Products Cross-Site Request Forgery Vulnerability - Secunia | SECUNIA | secunia.com | |
| Security Advisory SA61071 - IBM Rational Engineering Lifecycle Manager Two Vulnerabilities - Secunia | SECUNIA | secunia.com | |
| Security Bulletin: Vulnerability in Rational Engineering Lifecycle Manager, Rational Software Architect Design Manager and Rhapsody Design Manager (CVE-2014-3037) | CONFIRM | www-01.ibm.com | Patch, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.