CVE-2015-1909

Name of the Vulnerable Software and Affected Versions IBM InfoSphere Master Data Management (MDM) versions 10.1 through 10.1 before IF1 IBM InfoSphere Master Data Management (MDM) versions 11.0 through 11.0 before FP3 IBM InfoSphere Master Data Management (MDM) version 11.3 IBM InfoSphere Master Data Management (MDM) versions 11.4 through 11.4 before FP2

Description The issue allows remote attackers to read arbitrary files and obtain administrative access via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. This is due to a flaw in the XML parser in the Reference Data Management component in the server.

Recommendations For IBM InfoSphere Master Data Management (MDM) versions 10.1 through 10.1 before IF1, apply IF1 to resolve the issue. For IBM InfoSphere Master Data Management (MDM) versions 11.0 through 11.0 before FP3, apply FP3 to resolve the issue. For IBM InfoSphere Master Data Management (MDM) version 11.3, update to a version that includes the fix for this issue. For IBM InfoSphere Master Data Management (MDM) versions 11.4 through 11.4 before FP2, apply FP2 to resolve the issue.