Skip to main content

Infosphere Master Data Management Server CVE-2014-0873

MEDIUM
Cross-Site Request Forgery (CSRF) (CWE-352)
2014-03-16 psirt@us.ibm.com
6.8
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:N/C:P/I:P/A:P
Attack Vector
Network
Attack Complexity
M
Confidentiality
P
Integrity
P
Availability
P

Lifecycle Timeline

1
CVE Published
Mar 16, 2014 - 14:06 cve.org
MEDIUM 6.8

DescriptionCVE.org

Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) Data Stewardship, (2) Business Admin, and (3) Product interfaces in IBM InfoSphere Master Data Management (MDM) Server 8.5 before 8.5.0.82, 9.0.1 before 9.0.1.38, 9.0.2 before 9.0.2.35, 10.0 before 10.0.0.0.26, and 10.1 before 10.1.0.0.15 allow remote attackers to hijack the authentication of arbitrary users.

AnalysisAI

Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) Data Stewardship, (2) Business Admin, and (3) Product interfaces in IBM InfoSphere Master Data Management (MDM) Server 8.5 before. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Request Forgery (CSRF) (CWE-352), which allows attackers to trick authenticated users into performing unintended actions. Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) Data Stewardship, (2) Business Admin, and (3) Product interfaces in IBM InfoSphere Master Data Management (MDM) Server 8.5 before 8.5.0.82, 9.0.1 before 9.0.1.38, 9.0.2 before 9.0.2.35, 10.0 before 10.0.0.0.26, and 10.1 before 10.1.0.0.15 allow remote attackers to hijack the authentication of arbitrary users. Affected products include: Ibm Infosphere Master Data Management Server. Version information: before 8.5.0.82.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement anti-CSRF tokens, validate Origin/Referer headers, use SameSite cookie attribute.

CVE-2016-9716 HIGH
8.8 Jul 31

IBM InfoSphere Master Data Management Server 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site request forger

CVE-2016-9714 HIGH
8.8 Jul 31

IBM InfoSphere Master Data Management Server 10.1, 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site request

CVE-2017-1309 HIGH
7.8 Jul 19

IBM InfoSphere Master Data Management Server 11.0 - 11.6 stores user credentials in plain in clear text which can be rea

CVE-2015-1945 MEDIUM
6.5 Jun 02

Unspecified vulnerability in the Reference Data Management component in IBM InfoSphere Master Data Management 10.1, 11.0

CVE-2016-9717 MEDIUM
6.5 Jul 31

HTTP Parameter Override is identified in the IBM Infosphere Master Data Management (MDM) 10.1. Rated medium severity (CV

CVE-2016-9719 MEDIUM
5.7 Jul 31

IBM InfoSphere Master Data Management Server 10.1. Rated medium severity (CVSS 5.7), this vulnerability is remotely expl

CVE-2017-1199 MEDIUM
5.4 Aug 03

IBM InfoSphere Master Data Management Server 10.0, 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site scriptin

CVE-2016-9718 MEDIUM
5.4 Jul 31

IBM InfoSphere Master Data Management Server 10.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely expl

CVE-2016-9715 MEDIUM
5.4 Jul 31

IBM InfoSphere Master Data Management Server 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site scripting. Rat

CVE-2015-1909 MEDIUM
5.0 May 25

The XML parser in the Reference Data Management component in the server in IBM InfoSphere Master Data Management (MDM) 1

CVE-2015-1910 LOW
3.5 May 25

Cross-site scripting (XSS) vulnerability in the Reference Data Management component in the server in IBM InfoSphere Mast

Share

CVE-2014-0873 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy