CVE-2014-3037

Name of the Vulnerable Software and Affected Versions IBM Configuration Management Application (aka VVC) versions prior to 4.0.7 and 5.x prior to 5.0.1 IBM Rational Engineering Lifecycle Manager versions prior to 4.0.7 and 5.x prior to 5.0.1 IBM Rational Software Architect Design Manager versions prior to 4.0.7 and 5.x prior to 5.0.1 IBM Rational Rhapsody Design Manager versions prior to 4.0.7 and 5.x prior to 5.0.1

Description A cross-site request forgery (CSRF) issue allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Recommendations For IBM Configuration Management Application (aka VVC) versions prior to 4.0.7, update to version 4.0.7 or later. For IBM Configuration Management Application (aka VVC) version 5.x prior to 5.0.1, update to version 5.0.1 or later. For IBM Rational Engineering Lifecycle Manager versions prior to 4.0.7, update to version 4.0.7 or later. For IBM Rational Engineering Lifecycle Manager version 5.x prior to 5.0.1, update to version 5.0.1 or later. For IBM Rational Software Architect Design Manager versions prior to 4.0.7, update to version 4.0.7 or later. For IBM Rational Software Architect Design Manager version 5.x prior to 5.0.1, update to version 5.0.1 or later. For IBM Rational Rhapsody Design Manager versions prior to 4.0.7, update to version 4.0.7 or later. For IBM Rational Rhapsody Design Manager version 5.x prior to 5.0.1, update to version 5.0.1 or later.