405 matches found
The vulnerability of the web interface of the IBM InfoSphere Master Data Management platform allows a perpetrator to carry out cross-site scripting attacks.
The vulnerability of the IBM InfoSphere Master Data Management data management interface is related to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
CVE-2020-6249
The use of an admin backend report within SAP Master Data Governance, versions - S4CORE 101, S4FND 102, 103, 104, SAPBSFND 748; allows an attacker to execute crafted database queries, exposing the backend database, leading to SQL Injection...
Security Bulletin: IBM Master Data Management is vulnerable to cross-site scripting from vulnerability found in IBM WebSphere Application Server (CVE-2024-45071)
Summary IBM Master Data Management version 11.6, 12.0, and 14.0 are impacted by this vulnerability. IBM WebSphere Application Server is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intende...
Security Bulletin: IBM Master Data Management is vulnerable to stored cross-site scripting from vulnerability found in IBM WebSphere Application Server (CVE-2024-45073)
Summary IBM Master Data Management Server 11.6, 12.0, and 14.0 are vulnerable from IBM WebSphere Application Server with vulnerability in stored cross-site scripting. IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged...
Security Bulletin: IBM Master Data Management is vulnerable to an XXE attack from a vulnerability found in IBM WebSphere Application Server (CVE-2024-45072)
Summary IBM Master Data Management v11.6, v12.0, and v14.0 are vulnerable to an XXE attack from a vulnerability found in IBM WebSphere Application Server. IBM WebSphere Application Server is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A privileged user coul...
Security Bulletin: IBM Master Data Managemenet is vulnerable to an XML injection for an XXE attack due to vulnerability found in IBM Websphere Application Server (CVE-2024-45086)
Summary IBM Master Data Managemenet v11.6, v12.0, and v14.0 are vulnerable to an XML injection attack due to vulnerability found in IBM Websphere Application Server.: IBM Master Data Managemenet is vulnerable to an XML injection attack due to vulnerability found in IBM Websphere Application Serve...
Security Bulletin: IBM Master Data Management vulnerable to denial of service due to IBM WebSphere Application Server under certain configurations (CVE-2024-45085)
Summary IBM Master Data Management 11.6 is vulnerable to a denial of service from a specailly crafted request through IBM WebSphere Application Server. IBM WebSphere Application Server is vulnerable to a denial of service, under certain configurations, caused by an unexpected specially crafted...
CVE-2023-46187
IBM InfoSphere Master Data Management 11.6, 12.0, and 14.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
CVE-2023-46187 IBM InfoSphere Master Data Management cross-site scripting
IBM InfoSphere Master Data Management 11.6, 12.0, and 14.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
IBM InfoSphere Master Data Management 跨站脚本漏洞
IBM InfoSphere Master Data Management is a product information management software from International Business Machines IBM. A cross-site scripting vulnerability exists in IBM InfoSphere Master Data Management versions 11.6, 12.0, and 14.0 that originates from stored cross-site scripting and coul...
Security Bulletin: IBM Master Data Management is vulnerable to prototype pollution from vulnerability found in Dojo (CVE-2021-23450)
Summary IBM Master Data Management v11.6, v12.0, and v14.0 are vulnerable to prototype pollution from vulnerability found in Dojo. Dojo could allow a remote attacker to cause a denial of service, caused by a prototype pollution in the setObject function. By sending a specially-crafted request, an...
Security Bulletin: IBM Master Data Management vulnerable to denial of service in IBM Business Automation Workflow using Logback
Summary IBM Master Data Management version 14.0 is impacted by vulnerability in IBM Business Automation Workflow. QOS.ch Sarl Logback is vulnerable to a denial of service, caused by a serialization flaw in the logback receiver component. By sending a specially crafted data, a local attacker could...
Security Bulletin: IBM Master Data Management vulnerable to a denial of Service vulnerability from jose4j in IBM Business Automation Workflow
Summary IBM Master Data Management v14.0 is vulnerable to a denial of Service vulnerability from jose4j in IBM Business Automation Workflow. jose4j is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted p2c value, a remote attacker could exploit...
Security Bulletin: IBM Master Data Management Server vulnerable to a denial of service from IBM Business Workflow Automation Event Emitters using snappy
Summary IBM Master Data Management version 14.0 is vulnerable to a denial of service from a package of snappy being used in IBM Business Workflow Automation Event Emitters. snappy-java is vulnerable to a denial of service, caused by missing upper bound check on chunk length. By sending a speciall...
Security Bulletin: IBM Master Data Management has identfied a cross-site scripting vulnerability affecting Inspector application and supporting API's (CVE-2023-46187)
Summary InfoSphere Master Data Management v11.6, v12.0, and v14.0 were found to be vulnerable to cross-site scripting in Inspector application. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...
Security Bulletin: IBM Master Data Management vulnerable to information disclosure due to IBM WebSphere Application Server
Summary IBM Master Data Management version 11.6, 12.0, and 14.0 are impacted by vulnerability in IBM WebSphere Application Server that can lead to information disclosure. IBM WebSphere Application Server 8.5 and 9.0 could allow an attacker with access to the network to conduct spoofing attacks. A...
Security Bulletin: IBM Master Data Management is vulnerable to denial of service through OpenSSL by a specially crafted request (CVE-2023-2650)
Summary IBM Master Data Management v11.6, and v12.0 are vulnerable to denial of service through OpenSSL by a specially crafted request from no message size limit. OpenSSL is vulnerable to a denial of service, caused by a flaw when using OBJobj2txt directly, or use any of the OpenSSL subsystems...
Security Bulletin: IBM Master Data Management vulnerable to remote attack and denial of service from vulnerabilites in OpenSSL (CVE-2022-4304, CVE-2023-0215, CVE-2023-0286)
Summary IBM Master Data Management v11.6, and v12.0 are vulnerable to remote attack and denial of service from vulnerabilites found in OpenSSL. OpenSSL could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By...
Security Bulletin: IBM Master Data Management vulnerable to denial of service from Apache Commons FileUpload (CVE-2023-24998)
Summary IBM Master Data Management v11.6, v12.0, and v14.0 are vulnerable to a denial of service caused by not limiting the number of requests processed in the file upload function in Apache Commons FileUpload. Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by...
Security Bulletin: IBM Master Data Management vulnerable to a denial of service from OpenSSL generate key function (CVE-2023-5678)
Summary IBM Master Data Management v11.6, and v12.0 are vulnerable to a denial of service from OpenSSL and an exploit found in using the DHgeneratekey function. Openssl is vulnerable to a denial of service, caused by a flaw when using DHgeneratekey function to generate an X9.42 DH key. By sending...