IBM1FA17CD9B0CB6F3573B7F34F0372BC93F92367E57CBAD27600CF77E8A068BB62Security Bulletin: Blind SQL Injection vulnerability in GDS component of IBM InfoSphere Master Data Management - Collaborative Edition (CVE-2014-0966)
EPSS
Percentile
66.6%
Summary
IBM InfoSphere Master Data Management - Collaborative Edition could allow an attacker steal data by exploiting Blind SQL Injection.
Vulnerability Details
Description:
IBM InfoSphere Master Data Management - Collaborative Edition is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.
CVE ID: CVE-2014-0966
CVSS:
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/92880 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Affected Products and Versions
IBM InfoSphere Master Data Management - Collaborative Edition Versions 11.3, 11.0, 10.1 and 10.0 – GDS component only.
IBM InfoSphere Master Data Management Server for Product Information Management Versions 9.1 and 9.0 – GDS component only.
Remediation/Fixes
If you are using the GDS component, the recommended solution is to apply the fix as soon as practical. Please see below for information on the fixes available.
| Product | VRMF | APAR | Remediation/First Fix |
|---|---|---|---|
| IBM InfoSphere Master Data Management - Collaborative Edition |
11.0
| None| 11.0-FP5
IBM InfoSphere Master Data Management - Collaborative Edition|
10.1/10.0
| None| Contact IBM Customer Support
IBM InfoSphere Master Data Management Server for Product Information Management| 11.3| None| 11.3-IF002
IBM InfoSphere Master Data Management Server for Product Information Management| 9.1/9.0| None| Contact IBM Customer Support
Workarounds and Mitigations
None known
Related
EPSS
Percentile
66.6%