CVE-2025-33020 (GCVE-0-2025-33020)

Vulnerability from cvelistv5 – Published: 2025-07-23 14:47 – Updated: 2025-08-18 01:31
Title
IBM Engineering Systems Design Rhapsody information disclosure
Summary
IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 transmits sensitive information without encryption, which could allow an attacker to obtain highly sensitive information.
CWE
  • CWE-311 - Missing Encryption of Sensitive Data
Assigner
ibm
References
Impacted products
Vendor Product Version
IBM Engineering Systems Design Rhapsody Affected: 9.0.2, 10.0, 10.0.1
    cpe:2.3:a:ibm:rhapsody_design_manager:9.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:rhapsody_design_manager:10.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:rhapsody_design_manager:10.0.1:*:*:*:*:*:*:*

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-33020",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-23T15:19:37.960391Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-23T15:19:44.640Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:rhapsody_design_manager:9.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:rhapsody_design_manager:10.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:rhapsody_design_manager:10.0.1:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Engineering Systems Design Rhapsody",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.0.2, 10.0, 10.0.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 transmits sensitive information without encryption that could allow an attacker to obtain highly sensitive information."
            }
          ],
          "value": "IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 transmits sensitive information without encryption that could allow an attacker to obtain highly sensitive information."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-311",
              "description": "CWE-311 Missing Encryption of Sensitive Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-18T01:31:04.799Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7240374"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM Engineering Systems Design Rhapsody 9.0.2 iFix004\u003cbr\u003eIBM Engineering Systems Design Rhapsody 10.0 iFix002\u003cbr\u003eIBM Engineering Systems Design Rhapsody 10.0.1 iFix003\u003cbr\u003e"
            }
          ],
          "value": "IBM Engineering Systems Design Rhapsody 9.0.2 iFix004\nIBM Engineering Systems Design Rhapsody 10.0 iFix002\nIBM Engineering Systems Design Rhapsody 10.0.1 iFix003"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Engineering Systems Design Rhapsody information disclosure",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2025-33020",
    "datePublished": "2025-07-23T14:47:29.357Z",
    "dateReserved": "2025-04-15T09:48:51.520Z",
    "dateUpdated": "2025-08-18T01:31:04.799Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-33020\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2025-07-23T15:15:31.247\",\"lastModified\":\"2025-08-11T18:56:26.707\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 transmits sensitive information without encryption that could allow an attacker to obtain highly sensitive information.\"},{\"lang\":\"es\",\"value\":\"IBM Engineering Systems Design Rhapsody 9.0.2, 10.0 y 10.0.1 transmite informaci\u00f3n confidencial sin cifrado, lo que podr\u00eda permitir que un atacante obtenga informaci\u00f3n altamente confidencial.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-311\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:engineering_systems_design_rhap
sody:9.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"64C85F02-6144-4DCF-A6F8-712547BFB741\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:engineering_systems_design_rhapsody:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1CD01272-AA22-450C-9DB1-0237E228956B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:engineering_systems_design_rhapsody:10.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8BC9B2A1-D4AA-4739-AD52-6BA029A724EE\"}]}]}],\"references\":[{\"url\":\"https://www.ibm.com/support/pages/node/7240374\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-33020\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-07-23T15:19:37.960391Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-07-23T15:19:39.839Z\"}}], \"cna\": {\"title\": \"IBM Engineering Systems Design Rhapsody information disclosure\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.9, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:ibm:rhapsody_design_manager:9.0.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:rhapsody_design_manager:10.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:rhapsody_design_manager:10.0.1:*:*:*:*:*:*:*\"], \"vendor\": \"IBM\", \"product\": \"Engineering Systems Design Rhapsody\", \"versions\": [{\"status\": \"affected\", \"version\": \"9.0.2, 10.0, 10.0.1\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"IBM Engineering Systems Design Rhapsody 9.0.2 iFix004\\nIBM Engineering Systems Design Rhapsody 10.0 iFix002\\nIBM Engineering Systems Design Rhapsody 10.0.1 iFix003\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"IBM Engineering Systems Design Rhapsody 9.0.2 iFix004\u003cbr\u003eIBM Engineering Systems Design Rhapsody 10.0 
iFix002\u003cbr\u003eIBM Engineering Systems Design Rhapsody 10.0.1 iFix003\u003cbr\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://www.ibm.com/support/pages/node/7240374\", \"tags\": [\"vendor-advisory\", \"patch\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 transmits sensitive information without encryption that could allow an attacker to obtain highly sensitive information.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 transmits sensitive information without encryption that could allow an attacker to obtain highly sensitive information.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-311\", \"description\": \"CWE-311 Missing Encryption of Sensitive Data\"}]}], \"providerMetadata\": {\"orgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"shortName\": \"ibm\", \"dateUpdated\": \"2025-08-18T01:31:04.799Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-33020\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-08-18T01:31:04.799Z\", \"dateReserved\": \"2025-04-15T09:48:51.520Z\", \"assignerOrgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"datePublished\": \"2025-07-23T14:47:29.357Z\", \"assignerShortName\": \"ibm\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}



Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

