The IBM InfoSphere Master Data Management Reference Data Management (RDM) Hub is vulnerable to cross-site scripting
CVE ID:CVE-2014-0850
**DESCRIPTION:**An attacker can trick a user into inserting a mal-formed URL address into a browser or clicking on a mal-formed URL link and exploit a cross-site scripting vulnerability in the Reference Data Management Hub to gain unauthorized access or collect sensitive information.
CVSS:
CVSS Base Score: 3.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/90751 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)
**ACKNOWLEDGEMENT:**None
InfoSphere Master Data Management Reference Data Management Hub versions 10.1 and 11.0.
The recommended solution is to apply the fix for each named product as soon as practical. Please see below for information on the fixes available.
Vendor Fix(es):
For version 11.0:
- Apply iFix 11.0.0.0-MDM-IF008
For version 10.1:
- The fix for version 10.1 will be available in March, 2014
None known