IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1999960.
2017-06-08T21:29:00.533
2025-04-20T01:37:25.860
Deferred
CVSSv3.0: 8.1 (HIGH)
AV:N/AC:L/Au:S/C:P/I:N/A:C
8.0
7.8
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | ibm | rational_rhapsody_design_manager | 4.0 | Yes |
| Application | ibm | rational_rhapsody_design_manager | 4.0.1 | Yes |
| Application | ibm | rational_rhapsody_design_manager | 4.0.2 | Yes |
| Application | ibm | rational_rhapsody_design_manager | 4.0.3 | Yes |
| Application | ibm | rational_rhapsody_design_manager | 4.0.4 | Yes |
| Application | ibm | rational_rhapsody_design_manager | 4.0.5 | Yes |
| Application | ibm | rational_rhapsody_design_manager | 4.0.6 | Yes |
| Application | ibm | rational_rhapsody_design_manager | 4.0.7 | Yes |
| Application | ibm | rational_rhapsody_design_manager | 5.0 | Yes |
| Application | ibm | rational_rhapsody_design_manager | 5.0.1 | Yes |
| Application | ibm | rational_rhapsody_design_manager | 5.0.2 | Yes |
| Application | ibm | rational_rhapsody_design_manager | 6.0 | Yes |
| Application | ibm | rational_rhapsody_design_manager | 6.0.1 | Yes |
| Application | ibm | rational_rhapsody_design_manager | 6.0.2 | Yes |