Cross-Site Scripting Vulnerability in IBM InfoSphere Master Data Management
CVE-2015-7414

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Infosphere Master Data Management
Vendor: CVE Published:; 17 January 2016

What is CVE-2015-7414?

A cross-site scripting (XSS) vulnerability exists in the GDS component of IBM InfoSphere Master Data Management - Collaborative Edition. This vulnerability affects several versions, allowing authenticated remote users to exploit it by injecting arbitrary web scripts or HTML through specially crafted URLs. The affected versions include 9.1, 10.1, and specific iterations of 11.0, 11.3, and 11.4, posing significant security risks if not addressed. Users are advised to review their systems and apply necessary updates to safeguard against this exploit.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21971545

x_refsource_CONFIRM

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 17, 2016
Vulnerability Reserved
Sep 29, 2015