Unrated severityNVD Advisory· Published Sep 10, 2014· Updated May 6, 2026

CVE-2014-3037

Description

Cross-site request forgery (CSRF) vulnerability in IBM Configuration Management Application (aka VVC) in IBM Rational Engineering Lifecycle Manager before 4.0.7 and 5.x before 5.0.1, Rational Software Architect Design Manager before 4.0.7 and 5.x before 5.0.1, and Rational Rhapsody Design Manager before 4.0.7 and 5.x before 5.0.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Affected products

IBM/Rational Rhapsody Design Manager11 versions
cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*+ 10 more
- cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*range: <=4.0.6
- cpe:2.3:a:ibm:rational_rhapsody_design_manager:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_rhapsody_design_manager:3.0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_rhapsody_design_manager:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0:*:*:*:*:*:*:*
IBM/Rational Software Architect Design Manager10 versions
cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.2:*:*:*:*:*:*:*+ 9 more
- cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*range: <=4.0.6
- cpe:2.3:a:ibm:rational_software_architect_design_manager:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_software_architect_design_manager:3.0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.1:*:*:*:*:*:*:*
IBM/Rational Engineering Lifecycle Manager7 versions
cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*range: <=4.06
- cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:1.0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.03:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.04:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.05:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www-01.ibm.com/support/docview.wssnvdPatchVendor Advisory
secunia.com/advisories/60649nvd
secunia.com/advisories/61071nvd
www.securityfocus.com/bid/69658nvd
exchange.xforce.ibmcloud.com/vulnerabilities/93303nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000