In the MDM Inspector web application, CSRF protection is implemented by validating that the Referer header is set to an allowlisted domain. It is possible to include the allowlisted domain as a subdomain of an attacker-controlled domain to bypass this validation, allowing a CSRF attack to be launched from the attacker-controlled domain. For example, an Inspector application hosted on example.internal would accept the attacker domain example.internal.attacker.com. Because the validation is not performed on the entirety of the Referer header, the application accepts example.internal.attacker.com as a valid referer, allowing CSRF to be performed from this domain.
CVEID: CVE-2020-4675
**DESCRIPTION:** IBM InfoSphere Master Data Management Server is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/186324 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
| Affected Product(s) | Version(s) |
|---|---|
| InfoSphere Master Data Management | 11.6 |
Approach 1: The client can avoid the security (PSIRT) issue by configuring a proper allowlist parameter in web.xml, i.e. one whose value ends with '/'.
e.g. instead of https://accounts.google.com use https://accounts.google.com/
Approach 2: Apply the iFix provided by the MDM team.
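The following Python example is added here to illustrate both the weakness described in the bulletin and why Approach 1 works; it is not code from IBM or from the MDM product. It assumes the Inspector application is hosted on example.internal (the bulletin's example) and models the Referer check as a string-prefix comparison against an allowlist entry, once without and once with the trailing '/'. The allowlist entry names, the sample Referer values and the stricter host-comparison helper are all constructed for this example; the real web.xml parameter name and syntax are not reproduced.

```python
from urllib.parse import urlsplit

# Constructed values for this example (not taken from the bulletin or from MDM's web.xml).
# The Inspector application is assumed to be hosted on example.internal.
ALLOWLIST_NO_SLASH = ["https://example.internal"]     # entry without a trailing '/'
ALLOWLIST_WITH_SLASH = ["https://example.internal/"]  # Approach 1: entry ends with '/'
ALLOWED_HOSTS = {"example.internal"}                  # used by the stricter host check


def referer_allowed_prefix(referer: str, allowlist) -> bool:
    """Prefix comparison in the style the bulletin describes: the request is
    accepted when the Referer header begins with an allowlisted string.
    With an entry lacking the trailing '/', 'https://example.internal.attacker.com/...'
    also starts with 'https://example.internal' and is wrongly accepted."""
    return any(referer.startswith(entry) for entry in allowlist)


def referer_allowed_by_host(referer: str, allowed_hosts) -> bool:
    """Stricter alternative (assumption, not the product's fix): parse the
    Referer and compare the scheme and the full host name exactly, so neither
    a prefix nor a suffix trick can match."""
    if not referer:
        return False  # browsers may omit Referer; treat absence as untrusted
    try:
        parts = urlsplit(referer)
    except ValueError:
        return False
    if parts.scheme != "https" or not parts.hostname:
        return False
    return parts.hostname.lower() in allowed_hosts


# Constructed sample Referer values, one per case the bulletin discusses.
SAMPLE_REFERERS = [
    "https://example.internal/inspector/update",        # legitimate request
    "https://example.internal.attacker.com/csrf.html",  # subdomain trick from the bulletin
    "https://attacker.com/example.internal/",           # allowlisted name elsewhere in the URL
    "",                                                 # header absent
]


def evaluate(referer: str) -> dict:
    """Run all three checks on one Referer value and report the decisions."""
    return {
        "prefix_no_slash": referer_allowed_prefix(referer, ALLOWLIST_NO_SLASH),
        "prefix_with_slash": referer_allowed_prefix(referer, ALLOWLIST_WITH_SLASH),
        "host_exact": referer_allowed_by_host(referer, ALLOWED_HOSTS),
    }


if __name__ == "__main__":
    for ref in SAMPLE_REFERERS:
        label = ref or "<no Referer>"
        print(f"{label:50} {evaluate(ref)}")
```

Running the script shows that only the entry without the trailing '/' accepts the example.internal.attacker.com referer; the entry ending in '/' and the exact host comparison both reject it while still accepting the legitimate request. The exact host comparison is the more robust of the two because it does not depend on operators remembering the trailing slash.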
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | infosphere_master_data_management | 11.6 | cpe:2.3:a:ibm:infosphere_master_data_management:11.6:*:*:*:*:*:*:* |