Lucene search

IbmCVE-2014-0966

HistoryAug 17, 2014 - 11:55 p.m.

CVE-2014-0966

2014-08-1723:55:06

CWE-89

ibm

web.nvd.nist.gov

sql injection

ibm infosphere

mdm

collaborative edition

cve-2014-0966

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

7.9

Confidence

Low

EPSS

0.003

Percentile

66.6%

JSON

SQL injection vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0-FP5 and InfoSphere Master Data Management Server for Product Information Management 9.x through 11.x before 11.3-IF2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Affected configurations

Nvd

Node

ibminfosphere_master_data_managementMatch10.0collaborative

ibminfosphere_master_data_managementMatch10.1collaborative

ibminfosphere_master_data_managementMatch11.0collaborative

ibminfosphere_master_data_managementMatch11.3collaborative

ibminfosphere_master_data_management_server_for_product_information_managementMatch9.0

ibminfosphere_master_data_management_server_for_product_information_managementMatch9.1

ibminfosphere_master_data_management_server_for_product_information_managementMatch10.0

ibminfosphere_master_data_management_server_for_product_information_managementMatch10.0.0.1

ibminfosphere_master_data_management_server_for_product_information_managementMatch10.0.1

ibminfosphere_master_data_management_server_for_product_information_managementMatch10.1

ibminfosphere_master_data_management_server_for_product_information_managementMatch10.1.0.1

ibminfosphere_master_data_management_server_for_product_information_managementMatch10.1.0.2

ibminfosphere_master_data_management_server_for_product_information_managementMatch11.0

ibminfosphere_master_data_management_server_for_product_information_managementMatch11.3

VendorProductVersionCPE
ibminfosphere_master_data_management10.0cpe:2.3:a:ibm:infosphere_master_data_management:10.0:*:*:*:collaborative:*:*:*
ibminfosphere_master_data_management10.1cpe:2.3:a:ibm:infosphere_master_data_management:10.1:*:*:*:collaborative:*:*:*
ibminfosphere_master_data_management11.0cpe:2.3:a:ibm:infosphere_master_data_management:11.0:*:*:*:collaborative:*:*:*
ibminfosphere_master_data_management11.3cpe:2.3:a:ibm:infosphere_master_data_management:11.3:*:*:*:collaborative:*:*:*
ibminfosphere_master_data_management_server_for_product_information_management9.0cpe:2.3:a:ibm:infosphere_master_data_management_server_for_product_information_management:9.0:*:*:*:*:*:*:*
ibminfosphere_master_data_management_server_for_product_information_management9.1cpe:2.3:a:ibm:infosphere_master_data_management_server_for_product_information_management:9.1:*:*:*:*:*:*:*
ibminfosphere_master_data_management_server_for_product_information_management10.0cpe:2.3:a:ibm:infosphere_master_data_management_server_for_product_information_management:10.0:*:*:*:*:*:*:*
ibminfosphere_master_data_management_server_for_product_information_management10.0.0.1cpe:2.3:a:ibm:infosphere_master_data_management_server_for_product_information_management:10.0.0.1:*:*:*:*:*:*:*
ibminfosphere_master_data_management_server_for_product_information_management10.0.1cpe:2.3:a:ibm:infosphere_master_data_management_server_for_product_information_management:10.0.1:*:*:*:*:*:*:*
ibminfosphere_master_data_management_server_for_product_information_management10.1cpe:2.3:a:ibm:infosphere_master_data_management_server_for_product_information_management:10.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	infosphere_master_data_management	10.0	cpe:2.3:a:ibm:infosphere_master_data_management:10.0::::collaborative:::
ibm	infosphere_master_data_management	10.1	cpe:2.3:a:ibm:infosphere_master_data_management:10.1::::collaborative:::
ibm	infosphere_master_data_management	11.0	cpe:2.3:a:ibm:infosphere_master_data_management:11.0::::collaborative:::
ibm	infosphere_master_data_management	11.3	cpe:2.3:a:ibm:infosphere_master_data_management:11.3::::collaborative:::
ibm	infosphere_master_data_management_server_for_product_information_management	9.0	cpe:2.3:a:ibm:infosphere_master_data_management_server_for_product_information_management:9.0:::::::*
ibm	infosphere_master_data_management_server_for_product_information_management	9.1	cpe:2.3:a:ibm:infosphere_master_data_management_server_for_product_information_management:9.1:::::::*
ibm	infosphere_master_data_management_server_for_product_information_management	10.0	cpe:2.3:a:ibm:infosphere_master_data_management_server_for_product_information_management:10.0:::::::*
ibm	infosphere_master_data_management_server_for_product_information_management	10.0.0.1	cpe:2.3:a:ibm:infosphere_master_data_management_server_for_product_information_management:10.0.0.1:::::::*
ibm	infosphere_master_data_management_server_for_product_information_management	10.0.1	cpe:2.3:a:ibm:infosphere_master_data_management_server_for_product_information_management:10.0.1:::::::*
ibm	infosphere_master_data_management_server_for_product_information_management	10.1	cpe:2.3:a:ibm:infosphere_master_data_management_server_for_product_information_management:10.1:::::::*

Rows per page:

1-10 of 141

References

secunia.com/advisories/60679

secunia.com/advisories/60693

secunia.com/advisories/60695

www-01.ibm.com/support/docview.wss?uid=swg21681651

exchange.xforce.ibmcloud.com/vulnerabilities/92880

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

7.9

Confidence

Low

EPSS

0.003

Percentile

66.6%

JSON

Related for CVE-2014-0966