PT-2014-2924 · Ibm · Ibm Infosphere Master Data Management - Collaborative Edition+1

Publicado

2014-02-04

Atualizado

2017-08-29

CVE-2013-5427

CVSS v2.0

6.8

Média

Vetor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions IBM InfoSphere Master Data Management - Collaborative Edition versions 10.x through 10.1 FP7 IBM InfoSphere Master Data Management - Collaborative Edition versions 11.0 and earlier IBM InfoSphere Master Data Management Server for Product Information Management versions 9.0 through 9.1

Description A cross-site request forgery issue allows remote attackers to hijack the authentication of arbitrary users.

Recommendations For IBM InfoSphere Master Data Management - Collaborative Edition versions 10.x through 10.1 FP7, update to version 10.1 FP8 or later. For IBM InfoSphere Master Data Management - Collaborative Edition versions 11.0 and earlier, update to a version later than 11.0. For IBM InfoSphere Master Data Management Server for Product Information Management versions 9.0 through 9.1, consider disabling vulnerable features or functions until a patch is available.

Correção

CSRF

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-352

Identificadores relacionados

CVE-2013-5427

Produtos afetados

Ibm Infosphere Master Data Management - Collaborative Edition

Ibm Infosphere Master Data Management Server For Product Information Management

PT-2014-2924 · Ibm · Ibm Infosphere Master Data Management - Collaborative Edition+1

CVE-2013-5427

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3