IBM InfoSphere Master Data Management Server is vulnerable to a Cross Site Request Forgery which could allow an attacker to execute malicious and unauthrized actions.
CVEID: CVE-2016-9716**
DESCRIPTION:** IBM InfoSphere Master Data Management Server is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/119729 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)
This vulnerability is known to affect the following offerings:
Affected IBM InfoSphere Master Data Management Server
|
Affected Versions
—|—
IBM InfoSphere Master Data Management| 11.0
IBM InfoSphere Master Data Management| 11.3
IBM InfoSphere Master Data Management| 11.4
IBM InfoSphere Master Data Management| 11.5
IBM InfoSphere Master Data Management| 11.6
The recommended solution is to apply the fix as soon as practical. Please see below for information on the fixes available.
Product**** | VRMF | APAR | Remediation/First Fix |
---|---|---|---|
IBM InfoSphere Master Data Management Standard/Advanced Edition |
11.0
| None| 11.0.0.6-MDM-SAE-FP06IF004_ _
IBM InfoSphere Master Data Management Standard/Advanced Edition|
11.3
| None| 11.3.0.6-MDM-SE-AE-FP06IF001
IBM InfoSphere Master Data Management Standard/Advanced Edition|
11.4
| None| 11.4.0.7-MDM-SE-AE-FP07IF002
IBM InfoSphere Master Data Management Standard/Advanced Edition|
11.5
| None| 11.5.0.5-MDM-SAE-FP05IF001
IBM InfoSphere Master Data Management Standard/Advanced Edition|
11.6
| None| 11.6.0.2-MDM-SAE-IF001
None