
Security Bulletin: IBM InfoSphere Master Data Management Server is vulnerable to HTTP Parameter Override discovered in MDM User Interface (CVE-2016-9717)

Published: 2022-04-27 10:23:01
Source: www.ibm.com

EPSS: 0.001 (Low), Percentile: 25.7%

Summary

IBM InfoSphere Master Data Management is vulnerable to an HTTP Parameter Override, which may produce anomalous behavior in the application that can potentially be exploited.

Vulnerability Details

CVEID: CVE-2016-9717
DESCRIPTION: An HTTP Parameter Override was identified in the IBM InfoSphere Master Data Management (MDM) product. The presence of duplicated parameters may produce anomalous behavior in the application that an attacker can potentially exploit.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/119730 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

This vulnerability is known to affect the following offerings:

Affected IBM InfoSphere Master Data Management Server | Affected Versions
---|---
IBM InfoSphere Master Data Management | 10.1
IBM InfoSphere Master Data Management | 11.0
IBM InfoSphere Master Data Management | 11.3
IBM InfoSphere Master Data Management | 11.4
IBM InfoSphere Master Data Management, IBM Master Data Management on Cloud | 11.5
IBM InfoSphere Master Data Management | 11.6

Remediation/Fixes

The recommended solution is to apply the fix as soon as practical. Please see below for information on the fixes available.

Product | VRMF | APAR | Remediation/First Fix
---|---|---|---
Initiate Master Data Service | 10.1 | None | 10.1.072717_IM_Initiate_MasterDataService_ALL_Interm Fix
IBM InfoSphere Master Data Management Standard/Advanced Edition | 11.0 | None | 11.0.0.6-MDM-SAE-FP06IF004
IBM InfoSphere Master Data Management Standard/Advanced Edition | 11.3 | None | 11.3.0.6-MDM-SE-AE-FP06IF001
IBM InfoSphere Master Data Management Standard/Advanced Edition | 11.4 | None | 11.4.0.7-MDM-SE-AE-FP07IF002
IBM InfoSphere Master Data Management Standard/Advanced Edition, IBM Master Data Management on Cloud | 11.5 | None | 11.5.0.5-MDM-SAE-FP05IF001
IBM InfoSphere Master Data Management Standard/Advanced Edition | 11.6 | None | 11.6.0.2-MDM-SAE-IF001

Workarounds and Mitigations

None
