Christophe Garrigues

**Name of the Vulnerable Software and Affected Versions** IBM InfoSphere Master Data Management Server for Product Information Management versions 9.x through 9.1 InfoSphere Master Data Management - Collaborative Edition versions 10.x through 10.1 InfoSphere Master Data Management - Collaborative Edition version 11.0 before FP7 InfoSphere Master Data Management - Collaborative Edition versions 11.3 and 11.4 before 11.4 FP1 **Description** The issue allows remote authenticated users to modify the administrator's credentials, consequently gaining privileges. This is achieved via unspecified vectors in the Collaboration Server component. **Recommendations** For IBM InfoSphere Master Data Management Server for Product Information Management versions 9.x through 9.1, update to a version outside of this range. For InfoSphere Master Data Management - Collaborative Edition versions 10.x through 10.1, update to a version outside of this range. For InfoSphere Master Data Management - Collaborative Edition version 11.0, apply FP7 or later. For InfoSphere Master Data Management - Collaborative Edition versions 11.3 and 11.4, update to 11.4 FP1 or later.

Cross-site scripting (XSS) vulnerability in the Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8898 and CVE-2014-8899.

Cross-site scripting (XSS) vulnerability in the Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8897 and CVE-2014-8899.

Cross-site scripting (XSS) vulnerability in the Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8897 and CVE-2014-8898.