Security Bulletin: IBM InfoSphere Master Data Management Server is vulnerable to a Cross Site Request Forgery discovered in MDM User Interface (CVE-2016-9716)

Summary

IBM InfoSphere Master Data Management Server is vulnerable to a Cross Site Request Forgery which could allow an attacker to execute malicious and unauthrized actions.

Vulnerability Details

CVEID: CVE-2016-9716**
DESCRIPTION:** IBM InfoSphere Master Data Management Server is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/119729 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)

Affected Products and Versions

This vulnerability is known to affect the following offerings:

Affected IBM InfoSphere Master Data Management Server

|

Affected Versions

—|—
IBM InfoSphere Master Data Management| 11.0
IBM InfoSphere Master Data Management| 11.3
IBM InfoSphere Master Data Management| 11.4
IBM InfoSphere Master Data Management| 11.5
IBM InfoSphere Master Data Management| 11.6

Remediation/Fixes

The recommended solution is to apply the fix as soon as practical. Please see below for information on the fixes available.

11.0

| None| 11.0.0.6-MDM-SAE-FP06IF004_ _
IBM InfoSphere Master Data Management Standard/Advanced Edition|

11.3

| None| 11.3.0.6-MDM-SE-AE-FP06IF001
IBM InfoSphere Master Data Management Standard/Advanced Edition|

11.4

| None| 11.4.0.7-MDM-SE-AE-FP07IF002
IBM InfoSphere Master Data Management Standard/Advanced Edition|

11.5

| None| 11.5.0.5-MDM-SAE-FP05IF001
IBM InfoSphere Master Data Management Standard/Advanced Edition|

11.6

| None| 11.6.0.2-MDM-SAE-IF001

Workarounds and Mitigations

None