Skip to main content

Infosphere Master Data Management CVE-2023-46187

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2025-01-27 psirt@us.ibm.com
5.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 28, 2026 - 18:05 vuln.today
CVE Published
Jan 27, 2025 - 02:15 nvd
MEDIUM 5.4

DescriptionCVE.org

IBM InfoSphere Master Data Management 11.6, 12.0, and 14.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

AnalysisAI

IBM InfoSphere Master Data Management 11.6, 12.0, and 14.0 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. IBM InfoSphere Master Data Management 11.6, 12.0, and 14.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. Affected products include: Ibm Infosphere Master Data Management.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2014-3063 HIGH
7.5 Aug 17

IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1-FP11 and 11.x before 11.0-FP5 and InfoSph

CVE-2017-1523 HIGH
7.5 Oct 24

IBM InfoSphere Master Data Management - Collaborative Edition 11.5 could allow an unauthorized user to download reports

CVE-2014-0969 MEDIUM
6.8 Aug 17

Cross-site request forgery (CSRF) vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collabor

CVE-2014-0966 MEDIUM
6.5 Aug 17

SQL injection vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x a

CVE-2015-7414 MEDIUM
5.4 Jan 17

Cross-site scripting (XSS) vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative E

CVE-2014-4775 MEDIUM
5.0 Aug 17

IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1-FP11 and 11.x before 11.0-FP5 and InfoSph

CVE-2018-1380 MEDIUM
4.9 Oct 29

IBM InfoSphere Master Data Management Collaboration Server 11.4, 11.5, and 11.6 could allow an authenticated user with C

CVE-2015-4960 MEDIUM
4.1 Jan 17

IBM InfoSphere Master Data Management - Collaborative Edition 9.1, 10.1, 11.0 before 11.0.0.0 IF11, 11.3 before 11.3.0.0

CVE-2015-1982 MEDIUM
4.0 Jul 20

IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote au

CVE-2015-1984 MEDIUM
4.0 Jul 20

IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote au

CVE-2015-1968 LOW
3.5 Jul 20

Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0,

CVE-2015-1980 LOW
3.5 Jul 20

IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote au

Share

CVE-2023-46187 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy