CVE-2015-1984

2015-07-2001:59:10

CWE-264

CWE-200

[email protected]

web.nvd.nist.gov

ibm

infosphere

mdm

bypass

access restrictions

cve-2015-1984

nvd

6.3 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

30.6%

JSON

IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to bypass intended access restrictions and read arbitrary profiles via unspecified vectors, as demonstrated by discovering usernames for use in brute-force attacks.

Affected configurations

NVD

Node

ibminfosphere_master_data_managementMatch9.1collaborative

ibminfosphere_master_data_managementMatch10.1collaborative

ibminfosphere_master_data_managementMatch11.0collaborative

ibminfosphere_master_data_managementMatch11.3collaborative

ibminfosphere_master_data_managementMatch11.4collaborative

CPENameOperatorVersion
ibm:infosphere_master_data_managementibm infosphere master data managementeq9.1
ibm:infosphere_master_data_managementibm infosphere master data managementeq10.1
ibm:infosphere_master_data_managementibm infosphere master data managementeq11.0
ibm:infosphere_master_data_managementibm infosphere master data managementeq11.3
ibm:infosphere_master_data_managementibm infosphere master data managementeq11.4

CPE	Name	Operator	Version
ibm:infosphere_master_data_management	ibm infosphere master data management	eq	9.1
ibm:infosphere_master_data_management	ibm infosphere master data management	eq	10.1
ibm:infosphere_master_data_management	ibm infosphere master data management	eq	11.0
ibm:infosphere_master_data_management	ibm infosphere master data management	eq	11.3
ibm:infosphere_master_data_management	ibm infosphere master data management	eq	11.4