IBM Engineering Systems Design Rhapsody Stack-Based Buffer Overflow Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A stack-based buffer overflow vulnerability has been identified in IBM Engineering Systems Design Rhapsody versions 9.0.2, 10.0, and 10.0.1. This vulnerability arises from improper bounds checking, allowing a local user to overflow the buffer and execute arbitrary code on the system.

Impact

A local user who exploits this stack-based buffer overflow could execute arbitrary code on the affected system.

Remediation

Users can upgrade to IBM Engineering Systems Design Rhapsody 9.0.2 iFix004, 10.0 iFix002, or 10.0.1 iFix003. Instructions for downloading these fixes are available on the IBM Support Fix Central website.

Added: Jul 23, 2025, 3:30 PM
Updated: Jul 23, 2025, 3:30 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 3.3
remediation: 0.0
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.