IBM Rhapsody Model Manager vulnerability - 20241202001

Overview

IBM has released a security bulletin advising that versions of their Engineering Systems Design Rhapsody - Model Manager (RMM) could allow a remote attacker to bypass security restrictions, caused by a race condition. By sending a specially crafted request, an attacker could exploit this vulnerability to remotely execute code.

What is vulnerable?

Product(s) Affected	Version(s)	CVE	CVSS	Severity
RMM	Version 7.0.2 & 7.0.3	CVE-2024-41779	9.8	Critical

What has been observed?

There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of one month (refer Patch Management):

• IBM: https://www.ibm.com/support/pages/node/7172535

Additional References

• SecurityOnline: https://securityonline.info/cve-2024-41779-cvss-9-8-ibm-rhapsody-model-manager-vulnerability-puts-systems-at-risk/