IBM97678C09C0A0FFB666C26F6195D95D9914C8FFE91915D2DB9CE90401D02248C7Security Bulletin: Cross site scripting vulnerability in IBM InfoSphere Master Data Management Reference Data Management Hub (CVE-2014-0850)
EPSS
Percentile
27.4%
Summary
The IBM InfoSphere Master Data Management Reference Data Management (RDM) Hub is vulnerable to cross-site scripting
Vulnerability Details
CVE ID:CVE-2014-0850
**DESCRIPTION:**An attacker can trick a user into inserting a mal-formed URL address into a browser or clicking on a mal-formed URL link and exploit a cross-site scripting vulnerability in the Reference Data Management Hub to gain unauthorized access or collect sensitive information.
CVSS:
CVSS Base Score: 3.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/90751 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)
**ACKNOWLEDGEMENT:**None
Affected Products and Versions
InfoSphere Master Data Management Reference Data Management Hub versions 10.1 and 11.0.
Remediation/Fixes
The recommended solution is to apply the fix for each named product as soon as practical. Please see below for information on the fixes available.
Vendor Fix(es):
For version 11.0:
- Apply iFix 11.0.0.0-MDM-IF008
For version 10.1:
- The fix for version 10.1 will be available in March, 2014
Workarounds and Mitigations
None known
Related
EPSS
Percentile
27.4%