31 matches found
EUVD-2014-3085
Malware in sbrugna...
EUVD-2014-3030
Malware in sbrugna...
EUVD-2016-10518
Malware in sbrugna...
Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Master Data Management
Summary IBM WebSphere Application Server, used by Master Data Management, is vulnerable to spoofing via the optional and separately installable Web Server Plug-ins for IBM WebSphere Application Server component. This has been addressed in the remediation section. Vulnerability Details...
Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Master Data Management
Summary IBM InfoSphere Master Data Management is affected by IBM WebSphere Application Server vulnerability to HTTP header injection when processing web requests. This has been addressed. Vulnerability Details CVEID:CVE-2022-34165 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9...
Security Bulletin: Multiple vulnerabilities exist in the OpenSSL component of IBM Initiate Master Data Service and IBM InfoSphere Master Data Management Standard Edition (CVE-2013-0166, CVE-2013-0166, CVE-2012-2686)
Abstract Three security vulnerabilities exist in the version of OpenSSL shipped with IBM Initiate Master Data Service and IBM InfoSphere Master Data Management Standard Edition. See the individual descriptions for the details. Content VULNERABILITY DETAILS: CVE ID: CVE-2013-0166 DESCRIPTION: A fl...
Security Bulletin: Open Redirect and Cross-Site Scripting Vulnerabilities in help system for InfoSphere MDM Server, InfoSphere Master Information Hub and InfoSphere MDM Custom Domain Hub (CVE-2012-2159, CVE-2012-2161)
Abstract Some scripts in the help system used by InfoSphere Master Data Management Server, InfoSphere Master Information Hub, and InfoSphere Master Data Management Custom Domain Hub are vulnerable to open redirect or cross-site scripting attacks. These vulnerabilities exist only for those custome...
Security Bulletin: Session Fixation Vulnerability in IBM InfoSphere Master Data Management - Collaborative Edition (CVE-2013-5426)
Abstract An unspecified vulnerability in IBM InfoSphere Master Data Management – Collaborative Edition might allow an attacker to gain unauthorized access to a user's session. An attacker with access to a user's open browser before the user authenticates with the IBM InfoSphere Master Data...
Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM InfoSphere Master Data Management 11.6
Summary IBM WebSphere Application Server 9.0 traditional could allow a remote attacker to execute arbitrary code on a system with a specially-crafted sequence of serialized objects over the SOAP connector. IBM X-Force ID: 181489. Vulnerability Details CVEID: CVE-2020-4464 DESCRIPTION: IBM WebSphe...
Security Bulletin: IBM InfoSphere Master Data Management Server is vulnerable to HTTP Parameter Override discovered in MDM User Interface (CVE-2016-9717)
Summary IBM InfoSphere Master Data Management is vulnerable to an HTTP Parameter Override which may produce anomalous behavior in the application that can potentially be exploited. Vulnerability Details CVEID: CVE-2016-9717 DESCRIPTION: HTTP Parameter Override is identified in IBM InfoSphere...
Security Bulletin: IBM InfoSphere Master Data Management is vulnerable to multiple OpenSSL vulnerabilities (CVE-2016-7055, CVE-2017-3730, CVE-2017-3731, CVE-2017-3732)
Summary IBM InfoSphere Master Data Management is vulnerable to multiple OpenSSL vulnerabilities that could cause the application to crash, an attacker to obtain information about the private key, or cause a denial of service. Vulnerability Details CVEID: CVE-2017-3730 DESCRIPTION: OpenSSL is...
Security Bulletin: 3RD PARTY IBM InfoSphere MDM Inspector - Cross Site Request Forgery
Summary In the MDM Inspector web application, CSRF protection is implemented by validating that the referer header is set to an allowlisted domain. It is possible to include the allowlisted domain as a subdomain of an attacker-controlled domain to bypass this validation, allowing for a CSRF attack...
Security Bulletin: InfoSphere Master Data Management 11.6 affected due to vulnerability in OpenSSL
Summary InfoSphere Master Data Management 11.6 affected due to vulnerability in OpenSSL 1.0.2s and prior. Vulnerability Details CVEID: CVE-2019-1547 DESCRIPTION: OpenSSL could allow a local authenticated attacker to obtain sensitive information, caused by the ability to construct an EC group...
Security Bulletin: Denial of service vulnerability in OpenSSL affects IBM InfoSphere Master Data Management (CVE-2016-8610)
Summary IBM Initiate Master Data Service and IBM InfoSphere Master Data Management are vulnerable to an OpenSSL denial of service attack and could cause the application to stop responding. Vulnerability Details CVEID: CVE-2016-8610 DESCRIPTION: SSL/TLS protocol is vulnerable to a denial of service...
Security Bulletin: Cross-Site Request Forgery vulnerability in IBM InfoSphere Master Data Management Server (CVE-2014-0873)
Summary The IBM InfoSphere Master Data Management Server User Interfaces are vulnerable to Cross-Site Request Forgery attacks. Vulnerability Details CVE ID: CVE-2014-0873 DESCRIPTION: Due to insufficient safeguards against cross-site request forgery in the IBM InfoSphere Master Data Management...
Security Bulletin: IBM InfoSphere MDM Reference Data Management affected by Cross Site Scripting vulnerabilities (CVE-2015-1910)
Summary IBM InfoSphere MDM Reference Data Management is vulnerable to Cross Site Scripting attack caused by improper validation of user-supplied input. Vulnerability Details CVEID: CVE-2015-1910 DESCRIPTION: IBM InfoSphere Master Data Management Server is vulnerable to cross-site scripting, cause...
Security Bulletin: Session Identifier Not Updated vulnerability in GDS component of IBM InfoSphere Master Data Management - Collaborative Edition (CVE-2014-3009)
Summary IBM InfoSphere Master Data Management - Collaborative Edition does not update the session identifier after a successful authentication. An attacker could exploit this vulnerability to gain unauthorized access to the application by acting as the session created by a regular user...
Cross site request forgery (csrf)
IBM InfoSphere Master Data Management Server 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 119729...
CVE-2016-9715
IBM InfoSphere Master Data Management Server 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...
Code injection
IBM InfoSphere Master Data Management - Collaborative Edition 9.1, 10.1, 11.0 before 11.0.0.0 IF11, 11.3 before 11.3.0.0 IF7, and 11.4 before 11.4.0.4 IF1 allows remote authenticated users to conduct clickjacking attacks via a crafted web site...