PT-2014-8748 · Ibm · Ibm Infosphere Master Data Management Server For Product Information Management+2
Christophe Garrigues
+1
·
Published
2014-12-22
·
Updated
2017-09-08
·
CVE-2014-8896
CVSS v2.0
4.0
Medium
| Vector | AV:N/AC:L/Au:S/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
IBM InfoSphere Master Data Management Server for Product Information Management versions 9.x through 9.1
InfoSphere Master Data Management - Collaborative Edition versions 10.x through 10.1
InfoSphere Master Data Management - Collaborative Edition version 11.0 before FP7
InfoSphere Master Data Management - Collaborative Edition versions 11.3 and 11.4 before 11.4 FP1
Description
The issue allows remote authenticated users to modify the administrator's credentials, consequently gaining privileges. This is achieved via unspecified vectors in the Collaboration Server component.
Recommendations
For IBM InfoSphere Master Data Management Server for Product Information Management versions 9.x through 9.1, update to a version outside of this range.
For InfoSphere Master Data Management - Collaborative Edition versions 10.x through 10.1, update to a version outside of this range.
For InfoSphere Master Data Management - Collaborative Edition version 11.0, apply FP7 or later.
For InfoSphere Master Data Management - Collaborative Edition versions 11.3 and 11.4, update to 11.4 FP1 or later.
Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Collaboration Server
Ibm Infosphere Master Data Management - Collaborative Edition
Ibm Infosphere Master Data Management Server For Product Information Management