PT-2014-3984 · Ibm · Ibm Infosphere Master Data Management Server For Product Information Management+1
Publicado
2014-07-19
·
Atualizado
2017-08-29
·
CVE-2014-0968
CVSS v2.0
3.5
Baixa
| Vetor | AV:N/AC:M/Au:S/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
IBM InfoSphere Master Data Management - Collaborative Edition versions 10.x through 11.x before 11.0 FP4
IBM InfoSphere Master Data Management Server for Product Information Management versions 9.0 through 9.1
Description
The issue is related to a cross-site scripting (XSS) vulnerability in the GDS component. This allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL for an MHTML document.
Recommendations
For IBM InfoSphere Master Data Management - Collaborative Edition versions 10.x through 11.x before 11.0 FP4, update to version 11.0 FP4 or later.
For IBM InfoSphere Master Data Management Server for Product Information Management versions 9.0 through 9.1, consider disabling access to MHTML documents until a patch is available.
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Ibm Infosphere Master Data Management - Collaborative Edition
Ibm Infosphere Master Data Management Server For Product Information Management