Skip to main content

Infosphere Master Data Management Server CVE-2016-9719

MEDIUM
Improper Input Validation (CWE-20)
2017-07-31 psirt@us.ibm.com
5.7
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
5.7 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
Jul 31, 2017 - 21:29 cve.org
MEDIUM 5.7

DescriptionCVE.org

IBM InfoSphere Master Data Management Server 10.1. 11.0. 11.3, 11.4, 11.5, and 11.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 119733.

AnalysisAI

IBM InfoSphere Master Data Management Server 10.1. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-20. IBM InfoSphere Master Data Management Server 10.1. 11.0. 11.3, 11.4, 11.5, and 11.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 119733. Affected products include: Ibm Infosphere Master Data Management Server.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2016-9716 HIGH
8.8 Jul 31

IBM InfoSphere Master Data Management Server 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site request forger

CVE-2016-9714 HIGH
8.8 Jul 31

IBM InfoSphere Master Data Management Server 10.1, 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site request

CVE-2017-1309 HIGH
7.8 Jul 19

IBM InfoSphere Master Data Management Server 11.0 - 11.6 stores user credentials in plain in clear text which can be rea

CVE-2014-0873 MEDIUM
6.8 Mar 16

Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) Data Stewardship, (2) Business Admin, and (3) Prod

CVE-2015-1945 MEDIUM
6.5 Jun 02

Unspecified vulnerability in the Reference Data Management component in IBM InfoSphere Master Data Management 10.1, 11.0

CVE-2016-9717 MEDIUM
6.5 Jul 31

HTTP Parameter Override is identified in the IBM Infosphere Master Data Management (MDM) 10.1. Rated medium severity (CV

CVE-2017-1199 MEDIUM
5.4 Aug 03

IBM InfoSphere Master Data Management Server 10.0, 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site scriptin

CVE-2016-9718 MEDIUM
5.4 Jul 31

IBM InfoSphere Master Data Management Server 10.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely expl

CVE-2016-9715 MEDIUM
5.4 Jul 31

IBM InfoSphere Master Data Management Server 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site scripting. Rat

CVE-2015-1909 MEDIUM
5.0 May 25

The XML parser in the Reference Data Management component in the server in IBM InfoSphere Master Data Management (MDM) 1

CVE-2015-1910 LOW
3.5 May 25

Cross-site scripting (XSS) vulnerability in the Reference Data Management component in the server in IBM InfoSphere Mast

Share

CVE-2016-9719 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy