IBM InfoSphere Master Data Management is vulnerable to a cross-site scripting Attack and could allow users to embed arbitrary JavaScript code in the Web UI and lead to disclosure of credentials.
CVEID: CVE-2016-9715**
DESCRIPTION:** IBM InfoSphere Master Data Management Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/119728 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
This vulnerability is known to affect the following offerings:
Affected IBM InfoSphere Master Data Management Server and IBM Master Data Management on Cloud
|
Affected Versions
—|—
IBM InfoSphere Master Data Management| 11.0
IBM InfoSphere Master Data Management| 11.3
IBM InfoSphere Master Data Management| 11.4
IBM InfoSphere Master Data Management
IBM Master Data Management on Cloud| 11.5
IBM InfoSphere Master Data Management| 11.6
The recommended solution is to apply the fix as soon as practical. Please see below for information on the fixes available.
Product**** | VRMF | APAR | Remediation/First Fix |
---|---|---|---|
IBM InfoSphere Master Data Management Standard/Advanced Edition |
11.0
| None| 11.0.0.6-MDM-SAE-FP06IF004_ _
IBM InfoSphere Master Data Management Standard/Advanced Edition|
11.3
| None| 11.3.0.6-MDM-SE-AE-FP06IF001
IBM InfoSphere Master Data Management Standard/Advanced Edition|
11.4
| None| 11.4.0.7-MDM-SE-AE-FP07IF002
IBM InfoSphere Master Data Management Standard/Advanced Edition,
IBM Master Data Management on Cloud|
11.5
| None| 11.5.0.5-MDM-SAE-FP05IF001
IBM InfoSphere Master Data Management Standard/Advanced Edition|
11.6
| None| 11.6.0.2-MDM-SAE-IF001
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | infosphere_master_data_management | 11.0 | cpe:2.3:a:ibm:infosphere_master_data_management:11.0:*:*:*:*:*:*:* |
ibm | infosphere_master_data_management | 11.0.0 | cpe:2.3:a:ibm:infosphere_master_data_management:11.0.0:*:*:*:*:*:*:* |
ibm | infosphere_master_data_management | 11.3 | cpe:2.3:a:ibm:infosphere_master_data_management:11.3:*:*:*:*:*:*:* |
ibm | infosphere_master_data_management | 11.4 | cpe:2.3:a:ibm:infosphere_master_data_management:11.4:*:*:*:*:*:*:* |
ibm | infosphere_master_data_management | 11.5 | cpe:2.3:a:ibm:infosphere_master_data_management:11.5:*:*:*:*:*:*:* |
ibm | infosphere_master_data_management | 11.6 | cpe:2.3:a:ibm:infosphere_master_data_management:11.6:*:*:*:*:*:*:* |