Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM4B07B5688A99BE34E0E38936709894347E8D805E1DC6FBA3DC6BCDD381EBBB31
HistoryApr 27, 2022 - 9:58 a.m.

Security Bulletin: IBM InfoSphere MDM Reference Data Management affected by Cross Site Scripting vulnerabilities(CVE-2015-1910)

2022-04-2709:58:00
www.ibm.com
11
ibm infosphere mdm
reference data management
cross site scripting

EPSS

0.001

Percentile

27.4%

JSON

Summary

IBM InfoSphere MDM Reference Data Management is vulnerable to Cross Site Scripting attack caused by improper validation of user-supplied input.

Vulnerability Details

CVEID:CVE-2015-1910**
DESCRIPTION: *IBM InfoSphere Master Data Management Server is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base Score: 3.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/101788 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)

Affected Products and Versions

IBM InfoSphere MDM Reference Data Management Versions 11.3, 11.0, 10.1.

Remediation/Fixes

The recommended solution is to apply the fix as soon as practical. Please see below for information on the fixes available.

Product VRMF APAR Remediation/First Fix
IBM InfoSphere MDM Reference Data Management

11.3

| None| 11.3-FP3
IBM InfoSphere MDM Reference Data Management|

11.0

| None| 11.0-FP3
IBM InfoSphere MDM Reference Data Management|

10.1

| None| 10.1-IF1

Workarounds and Mitigations

None known

Affected configurations

Vulners
Node
ibminfosphere_master_data_managementMatch10.1
OR
ibminfosphere_master_data_managementMatch11.0
OR
ibminfosphere_master_data_managementMatch11.3
VendorProductVersionCPE
ibminfosphere_master_data_management10.1cpe:2.3:a:ibm:infosphere_master_data_management:10.1:*:*:*:*:*:*:*
ibminfosphere_master_data_management11.0cpe:2.3:a:ibm:infosphere_master_data_management:11.0:*:*:*:*:*:*:*
ibminfosphere_master_data_management11.3cpe:2.3:a:ibm:infosphere_master_data_management:11.3:*:*:*:*:*:*:*

Related

prion 1
cve 1
cvelist 1
nvd 1
prion
prion
Cross site scripting
2015-05-25 00:59:00
cve
cve
CVE-2015-1910
2015-05-25 00:59:08
cvelist
cvelist
CVE-2015-1910
2015-05-25 00:00:00
nvd
nvd
CVE-2015-1910
2015-05-25 00:59:08

EPSS

0.001

Percentile

27.4%

JSON
Related for 4B07B5688A99BE34E0E38936709894347E8D805E1DC6FBA3DC6BCDD381EBBB31
prion1cve1cvelist1nvd1