CVE-2015-1968

2015-07-2001:59:07

CWE-79

[email protected]

web.nvd.nist.gov

cve-2015-1968

ibm

infosphere

mdm

collaborative edition

xss

vulnerability

fp03

remote authenticated users

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

27.6%

JSON

Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

Affected configurations

NVD

Node

ibminfosphere_master_data_managementMatch9.1collaborative

ibminfosphere_master_data_managementMatch10.1collaborative

ibminfosphere_master_data_managementMatch11.0collaborative

ibminfosphere_master_data_managementMatch11.3collaborative

ibminfosphere_master_data_managementMatch11.4collaborative

CPENameOperatorVersion
ibm:infosphere_master_data_managementibm infosphere master data managementeq9.1
ibm:infosphere_master_data_managementibm infosphere master data managementeq10.1
ibm:infosphere_master_data_managementibm infosphere master data managementeq11.0
ibm:infosphere_master_data_managementibm infosphere master data managementeq11.3
ibm:infosphere_master_data_managementibm infosphere master data managementeq11.4

CPE	Name	Operator	Version
ibm:infosphere_master_data_management	ibm infosphere master data management	eq	9.1
ibm:infosphere_master_data_management	ibm infosphere master data management	eq	10.1
ibm:infosphere_master_data_management	ibm infosphere master data management	eq	11.0
ibm:infosphere_master_data_management	ibm infosphere master data management	eq	11.3
ibm:infosphere_master_data_management	ibm infosphere master data management	eq	11.4