CVE-2014-0873 — Cross-Site Request Forgery in IBM Infosphere Master Data Management Server

CWE-352 — Cross-Site Request Forgery3 documents3 sources

Severity

6.8MEDIUMNVD

EPSS

0.1%

top 71.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Infosphere Master Data Management Server

Timeline

PublishedMar 16

Latest updateMay 17

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) Data Stewardship, (2) Business Admin, and (3) Product interfaces in IBM InfoSphere Master Data Management (MDM) Server 8.5 before 8.5.0.82, 9.0.1 before 9.0.1.38, 9.0.2 before 9.0.2.35, 10.0 before 10.0.0.0.26, and 10.1 before 10.1.0.0.15 allow remote attackers to hijack the authentication of arbitrary users.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDibm/infosphere_master_data_management_server5 versions+4

🔴Vulnerability Details

GHSA

GHSA-pg7h-r4fr-rgwp: Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) Data Stewardship, (2) Business Admin, and (3) Product interfaces in IBM InfoSphe↗2022-05-17

▶

CVEList

CVE-2014-0873: Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) Data Stewardship, (2) Business Admin, and (3) Product interfaces in IBM InfoSphe↗2014-03-16

▶