VIR Vulnerability Intelligence Relay

CVE-2016-9697

low
Published 2017-03-20 · Modified 2026-05-13
CVSS v3
3.1
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS v2
2.1
VIR risk
3.1

Description

An unspecified vulnerability in IBM Rhapsody DM 4.0, 5.0, and 6.0 could allow an attacker to perform a JSON Hijacking Attack. A JSON Hijacking Attack may expose to an attacker information passed between the server and the browser. IBM Reference #: 1999960.

Predictions

Exploit likelihood
42%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@us.ibm.com — http://www.ibm.com/support/docview.wss?uid=swg21999960

Application impact
VendorProductVersionsFixed
ibmrational_rhapsody_design_manager4.0
ibmrational_rhapsody_design_manager4.0.1
ibmrational_rhapsody_design_manager4.0.2
ibmrational_rhapsody_design_manager4.0.3
ibmrational_rhapsody_design_manager4.0.4
ibmrational_rhapsody_design_manager4.0.5
ibmrational_rhapsody_design_manager4.0.6
ibmrational_rhapsody_design_manager4.0.7
ibmrational_rhapsody_design_manager5.0
ibmrational_rhapsody_design_manager5.0.1
ibmrational_rhapsody_design_manager5.0.2
ibmrational_rhapsody_design_manager6.0
ibmrational_rhapsody_design_manager6.0.1
ibmrational_rhapsody_design_manager6.0.2

References

CWEs

CWE-200

Verify integrity in audit chain (admin only). AS-IS.