Lucene search

IbmCVE-2014-0969

HistoryAug 17, 2014 - 11:55 p.m.

CVE-2014-0969

2014-08-1723:55:06

CWE-352

ibm

web.nvd.nist.gov

ibm

infosphere

master data management

csrf

vulnerability

gds

component

nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.8

Confidence

Low

EPSS

0.003

Percentile

65.5%

JSON

Cross-site request forgery (CSRF) vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0-FP5 and InfoSphere Master Data Management Server for Product Information Management 9.x through 11.x before 11.3-IF2 allows remote authenticated users to hijack the authentication of arbitrary users.

Affected configurations

Nvd

Node

ibminfosphere_master_data_managementMatch10.0collaborative

ibminfosphere_master_data_managementMatch10.1collaborative

ibminfosphere_master_data_managementMatch11.0collaborative

ibminfosphere_master_data_managementMatch11.3collaborative

ibminfosphere_master_data_management_server_for_product_information_managementMatch9.0

ibminfosphere_master_data_management_server_for_product_information_managementMatch9.1

ibminfosphere_master_data_management_server_for_product_information_managementMatch10.0

ibminfosphere_master_data_management_server_for_product_information_managementMatch10.0.0.1

ibminfosphere_master_data_management_server_for_product_information_managementMatch10.0.1

ibminfosphere_master_data_management_server_for_product_information_managementMatch10.1

ibminfosphere_master_data_management_server_for_product_information_managementMatch10.1.0.1

ibminfosphere_master_data_management_server_for_product_information_managementMatch10.1.0.2

ibminfosphere_master_data_management_server_for_product_information_managementMatch11.0

ibminfosphere_master_data_management_server_for_product_information_managementMatch11.3

VendorProductVersionCPE
ibminfosphere_master_data_management10.0cpe:2.3:a:ibm:infosphere_master_data_management:10.0:*:*:*:collaborative:*:*:*
ibminfosphere_master_data_management10.1cpe:2.3:a:ibm:infosphere_master_data_management:10.1:*:*:*:collaborative:*:*:*
ibminfosphere_master_data_management11.0cpe:2.3:a:ibm:infosphere_master_data_management:11.0:*:*:*:collaborative:*:*:*
ibminfosphere_master_data_management11.3cpe:2.3:a:ibm:infosphere_master_data_management:11.3:*:*:*:collaborative:*:*:*
ibminfosphere_master_data_management_server_for_product_information_management9.0cpe:2.3:a:ibm:infosphere_master_data_management_server_for_product_information_management:9.0:*:*:*:*:*:*:*
ibminfosphere_master_data_management_server_for_product_information_management9.1cpe:2.3:a:ibm:infosphere_master_data_management_server_for_product_information_management:9.1:*:*:*:*:*:*:*
ibminfosphere_master_data_management_server_for_product_information_management10.0cpe:2.3:a:ibm:infosphere_master_data_management_server_for_product_information_management:10.0:*:*:*:*:*:*:*
ibminfosphere_master_data_management_server_for_product_information_management10.0.0.1cpe:2.3:a:ibm:infosphere_master_data_management_server_for_product_information_management:10.0.0.1:*:*:*:*:*:*:*
ibminfosphere_master_data_management_server_for_product_information_management10.0.1cpe:2.3:a:ibm:infosphere_master_data_management_server_for_product_information_management:10.0.1:*:*:*:*:*:*:*
ibminfosphere_master_data_management_server_for_product_information_management10.1cpe:2.3:a:ibm:infosphere_master_data_management_server_for_product_information_management:10.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	infosphere_master_data_management	10.0	cpe:2.3:a:ibm:infosphere_master_data_management:10.0::::collaborative:::
ibm	infosphere_master_data_management	10.1	cpe:2.3:a:ibm:infosphere_master_data_management:10.1::::collaborative:::
ibm	infosphere_master_data_management	11.0	cpe:2.3:a:ibm:infosphere_master_data_management:11.0::::collaborative:::
ibm	infosphere_master_data_management	11.3	cpe:2.3:a:ibm:infosphere_master_data_management:11.3::::collaborative:::
ibm	infosphere_master_data_management_server_for_product_information_management	9.0	cpe:2.3:a:ibm:infosphere_master_data_management_server_for_product_information_management:9.0:::::::*
ibm	infosphere_master_data_management_server_for_product_information_management	9.1	cpe:2.3:a:ibm:infosphere_master_data_management_server_for_product_information_management:9.1:::::::*
ibm	infosphere_master_data_management_server_for_product_information_management	10.0	cpe:2.3:a:ibm:infosphere_master_data_management_server_for_product_information_management:10.0:::::::*
ibm	infosphere_master_data_management_server_for_product_information_management	10.0.0.1	cpe:2.3:a:ibm:infosphere_master_data_management_server_for_product_information_management:10.0.0.1:::::::*
ibm	infosphere_master_data_management_server_for_product_information_management	10.0.1	cpe:2.3:a:ibm:infosphere_master_data_management_server_for_product_information_management:10.0.1:::::::*
ibm	infosphere_master_data_management_server_for_product_information_management	10.1	cpe:2.3:a:ibm:infosphere_master_data_management_server_for_product_information_management:10.1:::::::*

Rows per page:

1-10 of 141

References

secunia.com/advisories/60679

secunia.com/advisories/60693

secunia.com/advisories/60695

www-01.ibm.com/support/docview.wss?uid=swg21681649

www.securityfocus.com/bid/69262

exchange.xforce.ibmcloud.com/vulnerabilities/92885

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.8

Confidence

Low

EPSS

0.003

Percentile

65.5%

JSON

Related for CVE-2014-0969