Rhapsody under Attack: Remote Code Execution Vulnerability Detected
CVE-2024-41779

8.1HIGH

Key Information:

Vendor: IBM
Status: Engineering Systems Design Rhapsody
Vendor: CVE Published:; 22 November 2024

What is CVE-2024-41779?

The vulnerability in IBM Engineering Systems Design Rhapsody versions 7.0.2 and 7.0.3 exists due to a race condition that allows a remote attacker to bypass defined security restrictions. By sending a specifically crafted request, an attacker may exploit this flaw to execute arbitrary code on the target system, potentially compromising system integrity and confidentiality. Affected users should prioritize reviewing their systems and ensuring appropriate mitigation measures are in place to address this vulnerability.

References

https://www.ibm.com/support/pages/node/7172535

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 22, 2024