Skip to main content

Infosphere Master Data Management Server CVE-2016-9717

MEDIUM
Improper Input Validation (CWE-20)
2017-07-31 psirt@us.ibm.com
6.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
Jul 31, 2017 - 21:29 cve.org
MEDIUM 6.5

DescriptionCVE.org

HTTP Parameter Override is identified in the IBM Infosphere Master Data Management (MDM) 10.1. 11.0. 11.3, 11.4, 11.5, and 11.6 product. It enables attackers by exposing the presence of duplicated parameters which may produce an anomalous behavior in the application that can be potentially exploited.

AnalysisAI

HTTP Parameter Override is identified in the IBM Infosphere Master Data Management (MDM) 10.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-20. HTTP Parameter Override is identified in the IBM Infosphere Master Data Management (MDM) 10.1. 11.0. 11.3, 11.4, 11.5, and 11.6 product. It enables attackers by exposing the presence of duplicated parameters which may produce an anomalous behavior in the application that can be potentially exploited. Affected products include: Ibm Infosphere Master Data Management Server.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2016-9716 HIGH
8.8 Jul 31

IBM InfoSphere Master Data Management Server 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site request forger

CVE-2016-9714 HIGH
8.8 Jul 31

IBM InfoSphere Master Data Management Server 10.1, 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site request

CVE-2017-1309 HIGH
7.8 Jul 19

IBM InfoSphere Master Data Management Server 11.0 - 11.6 stores user credentials in plain in clear text which can be rea

CVE-2014-0873 MEDIUM
6.8 Mar 16

Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) Data Stewardship, (2) Business Admin, and (3) Prod

CVE-2015-1945 MEDIUM
6.5 Jun 02

Unspecified vulnerability in the Reference Data Management component in IBM InfoSphere Master Data Management 10.1, 11.0

CVE-2016-9719 MEDIUM
5.7 Jul 31

IBM InfoSphere Master Data Management Server 10.1. Rated medium severity (CVSS 5.7), this vulnerability is remotely expl

CVE-2017-1199 MEDIUM
5.4 Aug 03

IBM InfoSphere Master Data Management Server 10.0, 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site scriptin

CVE-2016-9718 MEDIUM
5.4 Jul 31

IBM InfoSphere Master Data Management Server 10.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely expl

CVE-2016-9715 MEDIUM
5.4 Jul 31

IBM InfoSphere Master Data Management Server 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site scripting. Rat

CVE-2015-1909 MEDIUM
5.0 May 25

The XML parser in the Reference Data Management component in the server in IBM InfoSphere Master Data Management (MDM) 1

CVE-2015-1910 LOW
3.5 May 25

Cross-site scripting (XSS) vulnerability in the Reference Data Management component in the server in IBM InfoSphere Mast

Share

CVE-2016-9717 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy