405 matches found
Security Bulletin: IBM Master Data Management is vulnerable to denial of service from a vulnerability found in OpenSSL (CVE-2022-0778)
Summary IBM Master Data Management v11.6, and v12.0 are vulnerable to a denial of service from a vulnerability found in OpenSSL. OpenSSL is vulnerable to a denial of service, caused by a flaw in the BNmodsqrt function when parsing certificates. By using a specially-crafted certificate with invali...
Security Bulletin: IBM Master Data Management has vulnerabilites from use of vulnerable Dojo 1.3.2 in WebReports (CVE-2010-2276, CVE-2018-15494, CVE-2010-2274, CVE-2010-2275, CVE-2010-2273, CVE-2018-1000665)
Summary IBM Master Data Management v11.6, v,12.0, and v14.0 are vulnerable to exploits and vulnerabilites found in Dojo 1.3.2. Dojo has an unspecified vulnerability in the default configuration of the build process and is vulnerable to cross-site scripting, caused by improper validation of...
Security Bulletin: IBM Master Data Management is vulnerable to a denial of service from a flaw in DH keys or parameters in OpenSSL (CVE-2023-3446)
Summary IBM Master Data Management v11.6, and v12.0 are vulnerable to a denial of service from a flaw in DH keys or parameters in OpenSSL. OpenSSL is vulnerable to a denial of service, caused by a flaw when using the DHcheck, DHcheckex or EVPPKEYparamcheck functions to check a DH key or DH...
Security Bulletin: IBM Master Data Management is vulnerable to a denial of service from a flaw in DH keys or parameters in OpenSSL (CVE-2023-3817)
Summary IBM Master Data Management v11.6, and v12.0 are vulnerable to a denial of service from a flaw in DH keys or parameters in OpenSSL. OpenSSL is vulnerable to a denial of service, caused by a flaw when using the DHcheck, DHcheckex or EVPPKEYparamcheck functions to check a DH key or DH...
Security Bulletin: IBM Master Data Management vulnerable to remote attacker due to flaws found in OpenSSL (CVE-2023-0466, CVE-2023-0465)
Summary IBM Master Data Management v11.6, and v12.0 are vulnerable to remote attackers due to flaws found in OpenSSL. OpenSSL could allow a remote attacker to bypass security restrictions, caused by a flaw in the X509VERIFYPARAMadd0policy function. By using invalid certificate policies, an attack...
Security Bulletin: IBM Master Data Management is vulnerable to specially crafted certificate chains in OpenSSL leading to a denial of service (CVE-2023-0464)
Summary IBM Master Data Management v11.6, and v12.0 are vulnerable to denial of service from specially crafted certificate chains in OpenSSL leading to a denial of service. OpenSSL is vulnerable to a denial of service, caused by an error related to the verification of X.509 certificate chains tha...
Security Bulletin: IBM Master Data Management may provide weaker than expected security due to OpenSSL through a carry propogation flaw (CVE-2021-4160)
Summary IBM Master Data Management v11.6, and v12.0 are vulnerable to a carry propogation flaw found in OpenSSL. OpenSSL could provide weaker than expected security, caused by a carry propagation flaw in the MIPS32 and MIPS64 squaring procedure. An attacker could exploit this vulnerability to...
PT-2025-1504 · Ibm · Ibm Infosphere Master Data Management
Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Master Data Management versions 11.6, 12.0, and 14.0 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure...
Security Bulletin: IBM Master Data Management vulnerable to denial of service from IBM Business Automation Workflow using Apache Johnzon
Summary IBM Master Data Management version 14.0 is impacted by vulnerability in IBM Business Automation Workflow. Apache Johnzon is vulnerable to a denial of service, caused by an unsafe deserialization flaw in BigDecimal. By sending a specially crafted JSON input, a remote attacker could exploit...
Security Bulletin: IBM Master Data Management is vulnerable to denial of service from Apache Commons Compress used in IBM Business Workflow Automation
Summary IBM Master Data Management v14.0 is vulnerable to denial of service from Apache commons compress used in IBM Business Workflow Automation. Apache Commons Compress is vulnerable to a denial of service, caused by an infinite loop flaw. By persuading a victim to open a specially crafted DUMP...
Security Bulletin: IBM Master Data Management affected by vulnerabilites in IBM WebSphere Application Server to cross-site scripting (CVE-2024-35153)
Summary IBM Master Data Management version 11.6, 12.0 and 14.0 are impacted by vulnerability in IBM WebSphere Application Server. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credential...
Security Bulletin: IBM Master Data Management vulnerable to remote code execution from vulnerability in IBM WebSphere Application Server (CVE-2024-35154)
Summary IBM Master Data Management version 11.6 and 12.0 is impacted by vulnerability in WebSphere Application Server. IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the administrative console, to execute arbitrary code. Usin...
Security Bulletin: IBM Master Data Management is vulnerable to identity spoofing caused by vulnerabilites in IBM WebSphere Application Server
Summary IBM Master Data Management version 11.6 and 12.0 is impacted by vulnerability to identity spoofing in WebSphere Application Server. IBM WebSphere Application Server is vulnerable to identity spoofing by an authenticated user due to improper signature validation. Vulnerability Details...
Security Bulletin: IBM Master Data Management affected by vulnerabilities in IBM WebSphere Application Server (CVE-2023-51775)
Summary IBM Master Data Management version 11.6 and 12.0 is impacted by vulnerability in WebSphere Application Server . IBM WebSphere Application uses the jose4j library which was found to be vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted p2...
Security Bulletin: IBM Master Data Management affected by IBM WebSphere Application Server vulnerabilities to an XML External Entity (XXE) injection vulnerability (CVE-2024-22354)
Summary IBM Master Data Management version 11.6 and 12.0 is impacted by vulnerability in WebSphere Application Server. IBM WebSphere Application Server is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expo...
Security Bulletin: IBM Master Data Management affected by IBM WebSphere Application Server vulnerabilities to server-side request forgery (CVE-2024-22329)
Summary IBM Master Data Management version 11.6 and 12.0 is impacted by vulnerability in WebSphere Application Server. WebSphere Application Server is vulnerable to server-side request forgery SSRF. By sending a specially crafted request, an attacker could exploit this vulnerability to conduct th...
Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Master Data Management (CVE-2024-25026)
Summary IBM Master Data Management version 11.6 and 12.0 is impacted by vulnerability in WebSphere Application Server which is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory...
Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Master Data Management (CVE-2023-50313)
Summary IBM Master Data Management version 11.6 and 12.0 is impacted by vulnerability in WebSphere Application Server which could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. This may result in SSL cipher suites being ignored...
The vulnerability of the SAP Master Data Governance data management platform lies in the absence of authentication procedures, which allow attackers to escalate their privileges and disclose protected information.
The vulnerability of the SAP Master Data Governance data management platform is related to the absence of authentication procedures. Exploiting this vulnerability can allow attackers to enhance their privileges and disclose sensitive information...
SAP Master Data Governance Authorization Issues Vulnerability
SAP Master Data Governance is a suite of data management tools from SAP Germany for maintaining, validating, and distributing master data. An authorization issue vulnerability exists in SAP Master Data Governance for Material Data, which stems from a failure to perform the required authorization...