CVE-2015-1909 — Sensitive Information Exposure in IBM Infosphere Master Data Management Server

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

0.3%

top 47.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Infosphere Master Data Management Server

Timeline

PublishedMay 25

Latest updateMay 17

Description

The XML parser in the Reference Data Management component in the server in IBM InfoSphere Master Data Management (MDM) 10.1 before IF1, 11.0 before FP3, 11.3, and 11.4 before FP2 allows remote attackers to read arbitrary files, and consequently obtain administrative access, via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/infosphere_master_data_management_server4 versions+3

Patches

Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-g78r-95x5-hr62: The XML parser in the Reference Data Management component in the server in IBM InfoSphere Master Data Management (MDM) 10↗2022-05-17

▶

CVEList

CVE-2015-1909: The XML parser in the Reference Data Management component in the server in IBM InfoSphere Master Data Management (MDM) 10↗2015-05-25

▶