Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM3D2532E5B99DF593E4F5AF7277606DCFA2266E3856D950545188FCD6459CCC18
HistoryApr 27, 2022 - 9:58 a.m.

Security Bulletin: Cross-Site Request Forgery vulnerability in IBM InfoSphere Master Data Management Server (CVE-2014-0873)

2022-04-2709:58:00
www.ibm.com
3

0.001 Low

EPSS

Percentile

40.0%

JSON

Summary

The IBM InfoSphere Master Data Management Server User Interfaces are vulnerable to Cross-Site Request Forgery attacks.

Vulnerability Details

CVE ID:CVE-2014-0873

**DESCRIPTION:**Due to insufficient safeguards against cross-site request forgery in the IBM InfoSphere Master Data Management Server (MDM) Data Stewardship, Business Admin or Product user interfaces an attacker can trick a legitimate user into opening a URL that results in an action being taken as that user, potentially without the knowledge of that user. Any actions taken require the user already be authenticated or to authenticate separately as part of the attack.

CVSS:
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/90994 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

**ACKNOWLEDGEMENT:**None

Affected Products and Versions

IBM InfoSphere Master Data Management Server versions 8.5, 9.0.1, 9.0.2, 10.0, and 10.1

Remediation/Fixes

Binary fixes are provided that will resolve the issue. Furthermore, as source code for these components is also provided, instructions on how to manually apply the fixes to any customizations to the user interfaces is given in the Readme.html with each iFix package.

Vendor Fixes_: _

For IBM InfoSphere Master Data Management Server version 8.5
ยท Apply iFix 8.5.0.82

For IBM InfoSphere Master Data Management Server version 9.0.1
ยท Apply iFix 9.0.1.38

For IBM InfoSphere Master Data Management Server version 9.0.2
ยท Apply iFix 9.0.2.35
.
For IBM InfoSphere Master Data Management Server version 10.0
ยท Apply iFix 10.0.0.0.26

For IBM InfoSphere Master Data Management Server version 10.1
ยท Apply iFix 10.1.0.0.15

Instructions on how to install the fix or to manually modify the code if you have customized the user interfaces are provided in the Readme.html with each iFix package.
The source code is also provided within the iFix in a *_src.zip file for each of the user interfaces.

Workarounds and Mitigations

None known

Affected configurations

Vulners
Node
ibminfosphere_master_data_management_serverMatch8.5
OR
ibminfosphere_master_data_management_serverMatch9.0.1
OR
ibminfosphere_master_data_management_serverMatch9.0.2
OR
ibminfosphere_master_data_management_serverMatch10.0
OR
ibminfosphere_master_data_management_serverMatch10.1
OR
ibminfosphere_master_data_managementMatch10.1
OR
ibminfosphere_master_data_managementMatch10.0

Related

cve 1
prion 1
cvelist 1
nvd 1
cve
cve
CVE-2014-0873
2014-03-16 14:06:45
prion
prion
Cross site request forgery (csrf)
2014-03-16 14:06:00
cvelist
cvelist
CVE-2014-0873
2014-03-16 10:00:00
nvd
nvd
CVE-2014-0873
2014-03-16 14:06:45

0.001 Low

EPSS

Percentile

40.0%

JSON
Related for 3D2532E5B99DF593E4F5AF7277606DCFA2266E3856D950545188FCD6459CCC18
cve1prion1cvelist1nvd1