CRITICAL🇵🇱 Wersja polska

CVE-2024-41779

CVSS 9.8v3.1pub. 2024-11-22upd. 2025-08-15

IBM Engineering Systems Design Rhapsody - Model Manager 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition. By sending a specially crafted request, an attacker could exploit this vulnerability to remotely execute code.

🤖 AI Analysis
How it works

The vulnerability results from a synchronization error (race condition, CWE-367), in which the state of permission verification and the moment of operation execution are not properly protected against concurrent access. An attacker can send a specially crafted network request that exploits this time window to bypass access control mechanisms. As a result, remote code execution is possible without the need for authentication, from an external network.

Impact

An attacker can remotely execute arbitrary code on the server (RCE) without possessing any privileges, which can lead to complete system takeover, loss of confidentiality, integrity, and data availability.

Mitigation & patch

Patches available from the vendor should be applied in accordance with the references (https://www.ibm.com/support/pages/node/7172535). It is recommended to immediately review the IBM bulletin and implement the indicated fixes.

Who is affected

IBM Engineering Systems Design Rhapsody - Model Manager in versions 7.0.2 and 7.0.3

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • IBM Engineering Systems Design Rhapsody

    APP
    Ibm
    7.0.27.0.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Race Condition
CWE
References

Related vulnerabilities

CVE-2025-33076HIGH8.8ten sam produkt

IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 is vulnerable to a stack-based buffer overflow...

CVE-2025-33077HIGH8.8ten sam produkt

IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 is vulnerable to a stack-based buffer overflow...

CVE-2025-33020MEDIUM5.9ten sam produkt

IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 transmits sensitive information without encryp...

CVE-2022-47986CRITICAL9.8⚠ KEVten sam vendor

IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on t...

CVE-2020-4427CRITICAL9.8⚠ KEVten sam vendor

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass sec...