IBM InfoSphere Master Data Management Server is vulnerable to a Cross Site Request Forgery which could allow an attacker to execute malicious and unauthrized actions.
CVEID: CVE-2016-9716**
DESCRIPTION:** IBM InfoSphere Master Data Management Server is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/119729 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)
This vulnerability is known to affect the following offerings:
Affected IBM InfoSphere Master Data Management Server
|
Affected Versions
—|—
IBM InfoSphere Master Data Management| 11.0
IBM InfoSphere Master Data Management| 11.3
IBM InfoSphere Master Data Management| 11.4
IBM InfoSphere Master Data Management| 11.5
IBM InfoSphere Master Data Management| 11.6
The recommended solution is to apply the fix as soon as practical. Please see below for information on the fixes available.
Product**** | VRMF | APAR | Remediation/First Fix |
---|---|---|---|
IBM InfoSphere Master Data Management Standard/Advanced Edition |
11.0
| None| 11.0.0.6-MDM-SAE-FP06IF004_ _
IBM InfoSphere Master Data Management Standard/Advanced Edition|
11.3
| None| 11.3.0.6-MDM-SE-AE-FP06IF001
IBM InfoSphere Master Data Management Standard/Advanced Edition|
11.4
| None| 11.4.0.7-MDM-SE-AE-FP07IF002
IBM InfoSphere Master Data Management Standard/Advanced Edition|
11.5
| None| 11.5.0.5-MDM-SAE-FP05IF001
IBM InfoSphere Master Data Management Standard/Advanced Edition|
11.6
| None| 11.6.0.2-MDM-SAE-IF001
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | infosphere_master_data_management | 11.0 | cpe:2.3:a:ibm:infosphere_master_data_management:11.0:*:*:*:*:*:*:* |
ibm | infosphere_master_data_management | 11.0.0 | cpe:2.3:a:ibm:infosphere_master_data_management:11.0.0:*:*:*:*:*:*:* |
ibm | infosphere_master_data_management | 11.3 | cpe:2.3:a:ibm:infosphere_master_data_management:11.3:*:*:*:*:*:*:* |
ibm | infosphere_master_data_management | 11.4 | cpe:2.3:a:ibm:infosphere_master_data_management:11.4:*:*:*:*:*:*:* |
ibm | infosphere_master_data_management | 11.5 | cpe:2.3:a:ibm:infosphere_master_data_management:11.5:*:*:*:*:*:*:* |
ibm | infosphere_master_data_management | 11.6 | cpe:2.3:a:ibm:infosphere_master_data_management:11.6:*:*:*:*:*:*:* |