Lucene search

IbmCVE-2015-1968

HistoryJul 20, 2015 - 1:59 a.m.

CVE-2015-1968

2015-07-2001:59:07

CWE-79

ibm

web.nvd.nist.gov

cve-2015-1968

ibm

infosphere

mdm

collaborative edition

xss

vulnerability

fp03

remote authenticated users

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

27.4%

JSON

Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

Affected configurations

Nvd

Node

ibminfosphere_master_data_managementMatch9.1collaborative

ibminfosphere_master_data_managementMatch10.1collaborative

ibminfosphere_master_data_managementMatch11.0collaborative

ibminfosphere_master_data_managementMatch11.3collaborative

ibminfosphere_master_data_managementMatch11.4collaborative

VendorProductVersionCPE
ibminfosphere_master_data_management9.1cpe:2.3:a:ibm:infosphere_master_data_management:9.1:*:*:*:collaborative:*:*:*
ibminfosphere_master_data_management10.1cpe:2.3:a:ibm:infosphere_master_data_management:10.1:*:*:*:collaborative:*:*:*
ibminfosphere_master_data_management11.0cpe:2.3:a:ibm:infosphere_master_data_management:11.0:*:*:*:collaborative:*:*:*
ibminfosphere_master_data_management11.3cpe:2.3:a:ibm:infosphere_master_data_management:11.3:*:*:*:collaborative:*:*:*
ibminfosphere_master_data_management11.4cpe:2.3:a:ibm:infosphere_master_data_management:11.4:*:*:*:collaborative:*:*:*

Vendor	Product	Version	CPE
ibm	infosphere_master_data_management	9.1	cpe:2.3:a:ibm:infosphere_master_data_management:9.1::::collaborative:::
ibm	infosphere_master_data_management	10.1	cpe:2.3:a:ibm:infosphere_master_data_management:10.1::::collaborative:::
ibm	infosphere_master_data_management	11.0	cpe:2.3:a:ibm:infosphere_master_data_management:11.0::::collaborative:::
ibm	infosphere_master_data_management	11.3	cpe:2.3:a:ibm:infosphere_master_data_management:11.3::::collaborative:::
ibm	infosphere_master_data_management	11.4	cpe:2.3:a:ibm:infosphere_master_data_management:11.4::::collaborative:::

References

www-01.ibm.com/support/docview.wss?uid=swg21960244

www.securityfocus.com/bid/75476

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

27.4%

JSON

Related for CVE-2015-1968