CVE-2017-1309 — Cleartext Storage of Sensitive Info in IBM Infosphere Master Data Management

CWE-312 — Cleartext Storage of Sensitive Info4 documents4 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 93.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Infosphere Master Data Management IBM Infosphere Master Data Management Server

Timeline

PublishedJul 19

Latest updateMay 13

Description

IBM InfoSphere Master Data Management Server 11.0 - 11.6 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 125463.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDibm/infosphere_master_data_management_server5 versions+4

▶CVEListV5ibm/infosphere_master_data_management5 versions+4

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-828m-7pfw-8m6p: IBM InfoSphere Master Data Management Server 11↗2022-05-13

▶

CVEList

CVE-2017-1309: IBM InfoSphere Master Data Management Server 11↗2017-07-19

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Edge 38.14393.1066.0 - Memory Corruption with Partial Page Loading↗2017-09-19

▶