Infosphere Master Data Management Server
by IBM
CVEs (9)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-9716 | Hig | 0.57 | 8.8 | 0.00 | Jul 31, 2017 | IBM InfoSphere Master Data Management Server 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 119729. | |
| CVE-2017-1309 | Hig | 0.51 | 7.8 | 0.00 | Jul 19, 2017 | IBM InfoSphere Master Data Management Server 11.0 - 11.6 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 125463. | |
| CVE-2016-9717 | Med | 0.42 | 6.5 | 0.00 | Jul 31, 2017 | HTTP Parameter Override is identified in the IBM Infosphere Master Data Management (MDM) 10.1. 11.0. 11.3, 11.4, 11.5, and 11.6 product. It enables attackers by exposing the presence of duplicated parameters which may produce an anomalous behavior in the application that can be potentially exploited. | |
| CVE-2017-1199 | Med | 0.35 | 5.4 | 0.00 | Aug 3, 2017 | IBM InfoSphere Master Data Management Server 10.0, 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123674. | |
| CVE-2016-9715 | Med | 0.35 | 5.4 | 0.00 | Jul 31, 2017 | IBM InfoSphere Master Data Management Server 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119728. | |
| CVE-2015-1945 | 0.00 | — | 0.00 | Jun 2, 2015 | Unspecified vulnerability in the Reference Data Management component in IBM InfoSphere Master Data Management 10.1, 11.0, 11.3 before FP3, and 11.4 allows remote authenticated users to gain privileges via unknown vectors. | ||
| CVE-2015-1910 | 0.00 | — | 0.00 | May 25, 2015 | Cross-site scripting (XSS) vulnerability in the Reference Data Management component in the server in IBM InfoSphere Master Data Management (MDM) 10.1 before IF1, 11.0 before FP3, and 11.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | ||
| CVE-2015-1909 | 0.00 | — | 0.00 | May 25, 2015 | The XML parser in the Reference Data Management component in the server in IBM InfoSphere Master Data Management (MDM) 10.1 before IF1, 11.0 before FP3, 11.3, and 11.4 before FP2 allows remote attackers to read arbitrary files, and consequently obtain administrative access, via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | ||
| CVE-2014-0873 | 0.00 | — | 0.00 | Mar 16, 2014 | Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) Data Stewardship, (2) Business Admin, and (3) Product interfaces in IBM InfoSphere Master Data Management (MDM) Server 8.5 before 8.5.0.82, 9.0.1 before 9.0.1.38, 9.0.2 before 9.0.2.35, 10.0 before 10.0.0.0.26, and 10.1 before 10.1.0.0.15 allow remote attackers to hijack the authentication of arbitrary users. |