IBMAD3DF3EA8A27299B3F6DE313C0CED73796C877B89E98766CF6A245B88C53887ESecurity Bulletin: Cross-site Scripting vulnerability in GDS component of IBM® InfoSphere® Master Data Management - Collaborative Edition (CVE-2014-0967)
EPSS
Percentile
27.4%
Summary
IBM® InfoSphere® Master Data Management - Collaborative Edition is vulnerable to cross-site scripting that is caused by improper validation of user-supplied input. A remote attacker can use a specially crafted URL to run scripts in a victim’s web browser within the security context of the hosting website after the URL is clicked. An attacker can use this vulnerability to steal the victim’s cookie-based authentication credentials.
Vulnerability Details
CVE ID:CVE-2014-0967
CVSS:
CVSS Base Score: 3.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/92882> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)
Affected Products and Versions
IBM InfoSphere Master Data Management - Collaborative Edition Versions 11.3, 11.0, 10.1 and 10.0 – GDS component only.
IBM InfoSphere Master Data Management Server for Product Information Management Versions 9.1 and 9.0 – GDS component only.
Remediation/Fixes
If you are using the GDS component, the recommended solution is to apply the fix as soon as practical. Please see below for information on the fixes available.
| Product | VRMF | APAR | Remediation/First Fix |
|---|---|---|---|
| IBM InfoSphere Master Data Management - Collaborative Edition | 11.0 | None | 11.0-FP4 |
| IBM InfoSphere Master Data Management - Collaborative Edition | 11.3 | None | 11.3-IF002 |
| IBM InfoSphere Master Data Management - Collaborative Edition | 10.1/10.0 | None | Contact IBM Customer Support |
| IBM InfoSphere Master Data Management Server for Product Information Management | 9.1/9.0 | None | Contact IBM Customer Support |
Workarounds and Mitigations
None known
Related
EPSS
Percentile
27.4%