CVE-2017-1287
MEDIUMIBM Rhapsody Design Manager 5.0-6.0.3 - Open Redirect
Title source: llmDescription
IBM Rhapsody DM 5.0 and 6.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.
References (2)
Core 2
Core References
VDB Entry x_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/125148
Patch, Vendor Advisory x_refsource_confirm
http://www.ibm.com/support/docview.wss?uid=swg22006052
Scores
CVSS v3
5.4
EPSS
0.0056
EPSS Percentile
42.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-601
Status
published
Products (14)
IBM/Rational Rhapsody Design Manager
5.0
IBM/Rational Rhapsody Design Manager
5.0.1
IBM/Rational Rhapsody Design Manager
5.0.2
IBM/Rational Rhapsody Design Manager
6.0
IBM/Rational Rhapsody Design Manager
6.0.1
IBM/Rational Rhapsody Design Manager
6.0.2
IBM/Rational Rhapsody Design Manager
6.0.3
ibm/rhapsody_design_manager
5.0
ibm/rhapsody_design_manager
5.0.1
ibm/rhapsody_design_manager
5.0.2
... and 4 more
Published
Jul 24, 2017
Tracked Since
Feb 18, 2026