PT-2014-3984 · Ibm · Ibm Infosphere Master Data Management Server For Product Information Management+1
Published
2014-07-19
·
Updated
2017-08-29
·
CVE-2014-0968
CVSS v2.0
3.5
Low
| Vector | AV:N/AC:M/Au:S/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
IBM InfoSphere Master Data Management - Collaborative Edition versions 10.x through 11.x before 11.0 FP4
IBM InfoSphere Master Data Management Server for Product Information Management versions 9.0 through 9.1
Description
The issue is related to a cross-site scripting (XSS) vulnerability in the GDS component. This allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL for an MHTML document.
Recommendations
For IBM InfoSphere Master Data Management - Collaborative Edition versions 10.x through 11.x before 11.0 FP4, update to version 11.0 FP4 or later.
For IBM InfoSphere Master Data Management Server for Product Information Management versions 9.0 through 9.1, consider disabling access to MHTML documents until a patch is available.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Infosphere Master Data Management - Collaborative Edition
Ibm Infosphere Master Data Management Server For Product Information Management