IBMFE5ECF74C311FDAE552908ACF40F8756DE6733D5F478310F029479D9718F8884Security Bulletin: IBM InfoSphere Master Data Management Server is vulnerable to Insecure HTTP Method - TRACE discovered in MDM User Interface (CVE-2016-9718)
0.001 Low
EPSS
Percentile
25.3%
Summary
IBM InfoSphere Master Data Management is vulnerable to a cross-site scripting Attack and could allow users to embed arbitrary JavaScript code in MDM User Interfaces and lead to disclosure of credentials.
Insecure HTTP Method - TRACE discovered in MDM User Interface affects Inspector and Web Reports in IBM InfoSphere Master Data Management.
Vulnerability Details
CVEID: CVE-2016-9718**
DESCRIPTION:** IBM InfoSphere Master Data Management Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 4.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/119732 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N)
Affected Products and Versions
This vulnerability is known to affect the following offerings:
Affected IBM InfoSphere Master Data Management Server
|
Affected Versions
—|—
IBM InfoSphere Master Data Management| 10.1
IBM InfoSphere Master Data Management| 11.0
IBM InfoSphere Master Data Management| 11.3
IBM InfoSphere Master Data Management| 11.4
IBM InfoSphere Master Data Management,
IBM Master Data Management on Cloud| 11.5
IBM InfoSphere Master Data Management| 11.6
Remediation/Fixes
The recommended solution is to apply the fix as soon as practical. Please see below for information on the fixes available.
| Product**** | VRMF | APAR | Remediation/First Fix |
|---|---|---|---|
| Initiate Master Data Service |
10.1
| None| 10.1.072717_IM_Initiate_MasterDataService_ALL_Interm Fix
IBM InfoSphere Master Data Management Standard/Advanced Edition|
11.0
| None| 11.0.0.6-MDM-SAE-FP06IF004_ _
IBM InfoSphere Master Data Management Standard/Advanced Edition|
11.3
| None| 11.3.0.6-MDM-SE-AE-FP06IF001
IBM InfoSphere Master Data Management Standard/Advanced Edition|
11.4
| None| 11.4.0.7-MDM-SE-AE-FP07IF002
IBM InfoSphere Master Data Management Standard/Advanced Edition,
IBM Master Data Management on Cloud|
11.5
| None| 11.5.0.5-MDM-SAE-FP05IF001
IBM InfoSphere Master Data Management Standard/Advanced Edition|
11.6
| None| 11.6.0.2-MDM-SAE-IF001
Workarounds and Mitigations
None
Affected configurations
Related
0.001 Low
EPSS
Percentile
25.3%