Access Control Bypass Vulnerability in IBM InfoSphere Master Data Management
CVE-2015-1984

Currently unrated

Key Information:

Vendor: IBM
Status: Infosphere Master Data Management
Vendor: CVE Published:; 20 July 2015

Summary

The vulnerability in IBM InfoSphere Master Data Management Collaborative Edition versions 9.1, 10.1, 11.0, 11.3, and 11.4 prior to FP03 allows remote authenticated users to bypass access controls. This exploitation enables attackers to read arbitrary user profiles through unspecified methods, compromising sensitive information. Such a weakness can facilitate username discovery, which could be leveraged for conducting brute-force attacks against user accounts, thus posing a significant risk to the confidentiality and integrity of user data.

References

http://www.securityfocus.com/bid/75474

vdb-entryx_refsource_BID

http://www-01.ibm.com/support/docview.wss?uid=swg21960244

x_refsource_CONFIRM

Timeline

Vulnerability published
Jul 20, 2015
Vulnerability Reserved
Feb 19, 2015